Abstract
Extracting relevant information from large volumes of digital evidence is a significant challenge for digital forensic investigators. Manual analysis is time-consuming and error-prone, and the sheer volume of data can make it difficult to identify correlations and key events. To address this challenge, this research project has developed a new framework that extracts metadata activity timelines and identifies correlations between them. By using this framework, investigators can generate automated correlation data for use in timeline or graph-based visualization. The project set out to extract relevant activity or event-based data, to design a framework that allows the creation of custom activity or event-based, custodian-specific correlation data, and to test the theoretical framework with a proof-of-concept Python implementation. The resulting insights are novel, enabling investigators to identify crucial correlations and information about document content, order of document revisions, and other relevant metadata activities.
| Original language | English |
|---|---|
| Article number | 51447 |
| Pages (from-to) | 1002-1009 |
| Journal | International Journal for Research in Applied Science & Engineering Technology |
| Volume | 11 |
| Issue number | V |
| Publication status | Published - 11 May 2023 |
Keywords
- Digital forensics
- metadata activity timelines
- automated insights
- data correlation