Study on event correlation analysis in evidence chain structure

Author

Liu Dong ; Wei Yong-qing

Author_Institution

Sch. of Inf. Sci. & Eng., Shandong Normal Univ., Jinan, China

Volume

2

fYear

2012

fDate

3-5 Aug. 2012

Firstpage

1056

Lastpage

1060

Abstract

Computer forensics has limitations in representation formalism of the electronic evidence and data missing. A method in construction of electronic evidence chain was proposed on the basis of the study and analysis of event correlation, and it makes use of Bayesian network inference algorithm, which analysis of causal relationship of the events to deal with the missing data. This method to consider the interaction between evidence events and sequence relationship, it realizes formalization of the electronic evidence and reduces data redundancy in evidence analysis, which strengthens the pertinence of data process and evidence analysis, forensics system becomes more perfect.

Keywords

belief networks; computer forensics; inference mechanisms; redundancy; Bayesian network inference algorithm; computer forensics; data redundancy reduction; electronic evidence chain construction; electronic evidence formalism representation; event causal relationship analysis; event correlation analysis; missing data formalism representation; sequence relationship; Correlation; Bayesian network; computer forensics; electronic evidence; event correlation; evidence chain;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology in Medicine and Education (ITME), 2012 International Symposium on

Conference_Location

Hokodate, Hokkaido

Print_ISBN

978-1-4673-2109-9

Type

conf

DOI

10.1109/ITiME.2012.6291482

Filename

6291482