CAT Detect (Computer Activity Timeline Detection) : a tool for detecting inconsistency in computer activity timelines

Marrington, Andrew , Baggili, Ibrahim , Mohay, George M., & Clark, Andrew J. (2011) CAT Detect (Computer Activity Timeline Detection) : a tool for detecting inconsistency in computer activity timelines. Digital Investigation, 8(Sup), S52-S61.

View at publisher


The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the results of these experiments, we discuss techniques which can be employed to deal with such temporal inconsistencies.

Impact and interest:

1 citations in Scopus
5 citations in Web of Science®
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 45908
Item Type: Journal Article
Refereed: Yes
Keywords: Timeline inconsistency , Event correlation , Precondition event , Happened-before , CAT detect
DOI: 10.1016/j.diin.2011.05.007
ISSN: 1742-2876
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2011 Elsevier
Copyright Statement: This is the author’s version of a work that was accepted for publication in Digital Investigation. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in PUBLICATION, 8(Supplement), s52-s61, 2011,
Deposited On: 18 Sep 2011 22:55
Last Modified: 18 Sep 2011 22:55

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page