FishEYE: A Forensic Tool for the Visualization of Change-Over-Time in Windows VSS

dc.contributor.advisor Yong Guan Tioh, Jin-Ning
dc.contributor.department Electrical and Computer Engineering 2018-07-22T11:59:52.000 2020-06-30T02:49:42Z 2020-06-30T02:49:42Z Tue Jan 01 00:00:00 UTC 2013 2015-07-30 2013-01-01
dc.description.abstract <p>For the digital forensic examiner, being able to perceive change-over-time supports the goal of being able to explain "what happened." In our thesis, we focus on the improvements brought to digital forensic analysis by the visualization of forensic data and its application to digital forensic data that records change-over-time, specifically for a directory-tree structure and its content. By perceiving digital evidence visually, investigators are able to speed up the forensic analysis process, and at the same time better comprehend new unique relationships between data as well as more easily comprehend it in terms of its global context.</p> <p>To provide multiple snapshots of a directory-tree structure, we chose to utilize Shadow Copy (also known as Volume Snapshot Servie or Volume Shadow Copy Service or VSS), a technology included in Microsoft Windows which allows for the taking of manual or automatic backup copies or snapshots of data (including whole volumes) over regular intervals. VSS was chosen since it is a potential gold mine of forensic information, having been included in every version of Microsoft Windows since Windows XP.</p> <p>In this thesis, we propose and develop a tool to take advantage of the information contained within VSS by applying the fisheye focus+context visualization approach to the directory tree structure, with a series of segmented boxes for each to represent change-over-time for each directory/file, accomplishing our goal of providing investigators a clear picture of how a directory-tree structure has changed over time at a glance.</p>
dc.format.mimetype application/pdf
dc.identifier archive/
dc.identifier.articleid 4444
dc.identifier.contextkey 4615944
dc.identifier.s3bucket isulib-bepress-aws-west
dc.identifier.submissionpath etd/13437
dc.language.iso en
dc.source.bitstream archive/|||Fri Jan 14 19:52:38 UTC 2022
dc.subject.disciplines Computer Engineering
dc.title FishEYE: A Forensic Tool for the Visualization of Change-Over-Time in Windows VSS
dc.type article
dc.type.genre thesis
dspace.entity.type Publication
relation.isOrgUnitOfPublication a75a044c-d11e-44cd-af4f-dab1d83339ff thesis Master of Science
Original bundle
Now showing 1 - 1 of 1
1.98 MB
Adobe Portable Document Format