CAT Detect (Computer Activity Timeline Detection) : a tool for detecting inconsistency in computer activity timelines
Marrington, Andrew , Baggili, Ibrahim , Mohay, George M., & Clark, Andrew J. (2011) CAT Detect (Computer Activity Timeline Detection) : a tool for detecting inconsistency in computer activity timelines. Digital Investigation, 8(Sup), S52-S61.
The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the results of these experiments, we discuss techniques which can be employed to deal with such temporal inconsistencies.
Impact and interest:
Citation counts are sourced monthly from and citation databases.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
|Item Type:||Journal Article|
|Keywords:||Timeline inconsistency , Event correlation , Precondition event , Happened-before , CAT detect|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)|
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
|Copyright Owner:||Copyright 2011 Elsevier|
|Copyright Statement:||This is the author’s version of a work that was accepted for publication in Digital Investigation. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in PUBLICATION, 8(Supplement), s52-s61, 2011, http://dx.doi.org/10.1016/j.diin.2011.05.007|
|Deposited On:||18 Sep 2011 22:55|
|Last Modified:||18 Sep 2011 22:55|
Repository Staff Only: item control page