Download presentation
Presentation is loading. Please wait.
Published byRonaldo Leão Ramires Modified over 5 years ago
1
Dr. Bhavani Thuraisingham The University of Texas at Dallas
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas XIRAF – XML-based indexing and querying for digital forensics
2
Abstract of Paper 1 This paper describes a novel, XML-based approach towards managing and querying forensic traces extracted from digital evidence. This approach has been implemented in XIRAF, a prototype system for forensic analysis. XIRAF systematically applies forensic analysis tools to evidence files (e.g., hard disk images). Each tool produces structured XML annotations that can refer to regions (byte ranges) in an evidence file. XIRAF stores such annotations in an XML database, which allows us to query the annotations using a single, powerful query language (XQuery). XIRAF provides the forensic investigator with a rich query environment in which browsing, searching, and predefined query templates are all expressed in terms of XML database queries
3
Introduction Framework for forensic analysis called XIRAF
A clean separation between feature extraction and analysis Features extracted are stored in XML format A single, XML-based output format for forensic analysis tools The use of XML database technology for storing and querying the XML output of analysis tools.
4
XIRAF Framework Consists of three components
Feature extraction manager Features are extracted from BLOBs (Binary large objects) using feature extraction tools Output of the tools are coded in XML for the forensics analyzer Tool repository Tools are wrapped (e.g., object wrappers) Storage subsysystem Stores BLOBs and XML annotations XQuery used to query XML data
5
Forensic Applications
Authors have implemented following applications Timeline browser: Through web browser examiner can look at data/time of interest Photo search Search for images satisfying certain conditions Child pornography detection Using hashing carried out matching
6
Summary and Directions
The separation of feature extraction and analysis brings benefits to both phases. XIRAF extracts features automatically, which is essential when processing large input sets. The use of XML as a common, intermediate output format for tools allows the integration of the output of diverse, independent tools that produce similar information. This handles both the heterogeneity present in the input data (e.g., different browser types) and with the diversity of forensic analysis tools. These benefits are demonstrated both by the timeline browser and by child pornography detection program. By storing extracted features in an XML database system one can analyze those features using a single, general-purpose, powerful query language. In addition, we benefit automatically from advances that are made in the area of XML database systems Directions: Use semantic web technologies?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.