Automated Timeline Anomaly Detection

Author

Joshua M. Barone, University of New OrleansFollow

Date of Award

Spring 5-2013

Degree Type

Thesis

Degree Name

M.S.

Degree Program

Computer Science

Department

Computer Science

Major Professor

Richard III, Golden

Second Advisor

Roussev, Vassil

Third Advisor

DePano, Adlai

Abstract

Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented techniques to determine when this occurs. This research seeks to prove out a technique for determining when the time has been changed on forensic disk image by analyzing the log files found on the image. Out of this research a tool is created to perform this analysis in automated fashion. This tool is TADpole, a command line program that analyzes the log files on a disk image and determines if a timeline anomaly has occurred.

Rights

The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.

Recommended Citation

Barone, Joshua M., "Automated Timeline Anomaly Detection" (2013). University of New Orleans Theses and Dissertations. 1609.
https://scholarworks.uno.edu/td/1609