ONTOLOGIES AND THE SEMANTIC WEB FOR DIGITAL INVESTIGATION TOOL SELECTION

The nascent field of digital forensics is heavily influenced by practice. Much digital forensics research involves the use, evaluation, and categorization of the multitude of tools available to researchers and practitioners. As technology evolves at an increasingly rapid pace, the digital forensics field must constantly adapt by creating and evaluating new tools and techniques to perform forensic analysis on many disparate systems such as desktops, notebook computers, mobile devices, cloud, and personal wearable sensor devices, among many others. While researchers have attempted to use ontologies to classify the digital forensics domain on various dimensions, no ontology of digital forensic tools has been developed that defines the capabilities and relationships among the various digital forensic tools. To address this gap, this work develops an ontology using Resource Description Framework (RDF) and Ontology Web Language (OWL) which is searchable via SP ARQL (an RDF query language) and catalogues common digital forensic tools. Following the concept of ontology design patterns, our ontology has a modular design to promote integration with existing ontologies. Furthermore, we progress to a semantic web application that employs reasoning in order to aid digital investigators with selecting an appropriate tool. This work serves as an important step towards building the knowledge of digital forensics tools. Additionally, this research sets the preliminary stage to bringing semantic web technology to the digital forensics domain as well as facilitates expanding the developed ontology to other tools and features, relationships, and forensic techniques.