UMBC Cyber Defense Lab Research Meeting

Using data visualization techniques to support digital forensics

Tim Leschke

11:00am-12:15pm, Friday, Feb 3, 2012
ITE Room 228

Digital forensic examiners explore large datasets in search of evidence of a crime. To keep pace with the growing amount of data that is subject to forensic examination, examiners need to be more selective about the data they examine. One way to be selective is to focus attention on data that has changed over time. We present Change-Link, a data exploration tool that allows the user to see directories that have changed within an operating system. Our novel contributions are 1) the development of a segmented-box-and-whisker icon for representing change to individual directories, and 2) the first data visualization tool developed specifically for the domain of digital forensic data. We show that by using Change-Link to view change to a directory-tree structure, digital forensic examiners can enhance their ability to perform forensic examinations.

Tim Leschke is a Ph.D. student in the Computer Science program at UMBC.

Host: Professor Alan Sherman