Intelligent user activity timelines
Supervisor
Suitable for
Abstract
"Operating system store temporal data in multiple locations. Digital investigators are often tasked with reconstructing timelines
of user activities. Timeline generation tools such as log2timeline can aid in extracting temporal data, similarly, 'Professonal'
tools such as Encase and Autopsy build and visualise low level timelines. Collectively, these tools: (1) provide (often high
levels of) low level data, and (2) are not able to apply any form of reasoning.
This project involves the extraction of temporal data and the application of reasoning algorithms to develop reliable event
sequences of interest to an investigator.
Useful references: Olsson, J. and Boldt, M., 2009. Computer forensic timeline visualization tool. digital investigation, 6,
pp.S78-S87.
Buchholz, F.P. and Falk, C., 2005, August. Design and Implementation of Zeitline: a Forensic Timeline Editor. In DFRWS."