DLAICR, Feb 21, 2019

DIALOG: A framework for modeling, analysis and reuse of digital forensic knowledge

arXiv:1903.03061v1, 52 citations
Originality: Synthesis-oriented

AI Analysis

This work addresses the need for standardized knowledge representation in digital forensics, particularly for investigators, but it appears incremental as it builds on existing ontology concepts.

The paper tackles the problem of managing and reusing digital forensic knowledge by introducing DIALOG, a framework that provides a general vocabulary for describing investigations, with a focus on modeling the Windows Registry and analysis tools, enabling reasoning-based interpretation of results.

This paper presents DIALOG (Digital Investigation Ontology), a framework for the management, reuse, and analysis of Digital Investigation knowledge. DIALOG provides a general, application-independent vocabulary that can be used to describe an investigation at different levels of detail. DIALOG is defined to encapsulate all concepts of the digital forensics field and the relationships between them. In particular, we concentrate on the Windows Registry, where registry keys are modeled in terms of both their structure and function. Registry analysis software tools are modeled in a similar manner, and we illustrate how the interpretation of their results can be done using the reasoning capabilities of ontologies.
