Triage visualization for digital media exploitation
MetadataShow full item record
Digital forensic examiners are overwhelmed by case loads and data volumes and must prioritize their work. This thesis hypothesis that digital forensic examiners can employ triage visualizations to prioritize work loads. This thesis presents a simple one page visualization of disk activity for Windows FAT and NTFS filesystems. The visualization is constructed from filesystem meta data carved by the open source bulk_extractor digital forensics application. The visualization does not require further examination or reconstruction of file system metadata. The visualization is able to detect minor obfuscation or modification and overwriting of file system timestamps.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Whitney, Mark R. (Monterey, California. Naval Postgraduate School, 1994-12);This thesis successfully demonstrates the ability to apply realistic visualization to a training application with a commercially available software program. It is increasingly important with the trend of decreasing military ...
Vega, Karla; Gaither, Kelly; Samsel, Francesca; Johnson, Gregory P.; Dimitrov, Nedialko; Meyers, Lauren Ancel (2013);This poster describes the design methodology and results for a pandemic visualization tool that was developed for validating a pandemic model. This work is the result of a collaboration between domain scientists, ...
Lee, Suyoung (Monterey, California: Naval Postgraduate School, 2016-03);Modern data sets often consist of unstructured data and mixed data; that is, they include both numerical and categorical variables. Often, these data sets will include noise, redundancy, missing values and outliers. ...