The Case Theory approach generates the investigative plan (see if a, b or c occurred) and, if the theory is correct, evidence of guilt. If not, the investigator may amend his theory, e.g., company C is paying official A, and try again. This approach also enables one to prove, to a certain extent, that a suspected act did not occur. Investigator One, after interviewing a dozen witnesses, did not know if bribes had been paid or not, only that he could not prove it. Investigator Two, however, can have some assurance that the alleged acts did not take place if no evidence appears in support of his test assumptions. Remember, the Case Theory approach is simply an investigative tool to generate a hypothesis that can organize and direct an investigation, based on the information available at the time. It should not be treated as evidence itself. Do not be too committed to any particular theory, and be ready to amend or abandon it as necessary.
This thesis addresses issues regarding digital forensics frameworks, methods, A Hypothesis-Based Approach to Digital Forensic - CERIAS, Purdue
300000 RDF triples
Has the system communicated with any blacklisted network host?
Are there any malicious files on the disk that have been downloaded from the Web and from where?
Have there been any unsuccessful connection attempts originated from systems in the same network as the one that hosted the malicious file?
Which files have been created or accessed shortly after the malicious file was downloaded?
Which files have been accessed shortly before the host communicated with any blacklisted network host?
Which websites have been visited by the user shortly before the download of the malicious file?
Research Questions & Limitations
How can the Semantic Web technologies and the Linked Data initiative be applied to Digital Forensics?
How can a common ontology-based knowledge representation layer improve the level of integration of currently disjoint specialized areas of DF, such as storage, network, mobile, live memory and others?
How may such a new method improve the efficiency and capabilities of existing DF investigation models, techniques and tools?