Triage visualization for digital media exploitation
MetadataShow full item record
Digital forensic examiners are overwhelmed by case loads and data volumes and must prioritize their work. This thesis hypothesis that digital forensic examiners can employ triage visualizations to prioritize work loads. This thesis presents a simple one page visualization of disk activity for Windows FAT and NTFS filesystems. The visualization is constructed from filesystem meta data carved by the open source bulk_extractor digital forensics application. The visualization does not require further examination or reconstruction of file system metadata. The visualization is able to detect minor obfuscation or modification and overwriting of file system timestamps.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Whitney, Mark R. (Monterey, California. Naval Postgraduate School, 1994-12);This thesis successfully demonstrates the ability to apply realistic visualization to a training application with a commercially available software program. It is increasingly important with the trend of decreasing military ...
Vega, Karla; Gaither, Kelly; Samsel, Francesca; Johnson, Gregory P.; Dimitrov, Nedialko; Meyers, Lauren Ancel (2013);This poster describes the design methodology and results for a pandemic visualization tool that was developed for validating a pandemic model. This work is the result of a collaboration between domain scientists, ...
Lee, Suyoung (Monterey, California: Naval Postgraduate School, 2016-03);Modern data sets often consist of unstructured data and mixed data; that is, they include both numerical and categorical variables. Often, these data sets will include noise, redundancy, missing values and outliers. ...