Title :
Study on event correlation analysis in evidence chain structure
Author :
Liu Dong ; Wei Yong-qing
Author_Institution :
Sch. of Inf. Sci. & Eng., Shandong Normal Univ., Jinan, China
Abstract :
Computer forensics has limitations in representation formalism of the electronic evidence and data missing. A method in construction of electronic evidence chain was proposed on the basis of the study and analysis of event correlation, and it makes use of Bayesian network inference algorithm, which analysis of causal relationship of the events to deal with the missing data. This method to consider the interaction between evidence events and sequence relationship, it realizes formalization of the electronic evidence and reduces data redundancy in evidence analysis, which strengthens the pertinence of data process and evidence analysis, forensics system becomes more perfect.
Keywords :
belief networks; computer forensics; inference mechanisms; redundancy; Bayesian network inference algorithm; computer forensics; data redundancy reduction; electronic evidence chain construction; electronic evidence formalism representation; event causal relationship analysis; event correlation analysis; missing data formalism representation; sequence relationship; Correlation; Bayesian network; computer forensics; electronic evidence; event correlation; evidence chain;
Conference_Titel :
Information Technology in Medicine and Education (ITME), 2012 International Symposium on
Conference_Location :
Hokodate, Hokkaido
Print_ISBN :
978-1-4673-2109-9
DOI :
10.1109/ITiME.2012.6291482
