13 Citations (Scopus)


An investigator needs to analyze a forensic timeline after a cybersecurity incident has occurred. Log entries from various sources are used to generate a forensic timeline. Finding the anomalous activities recorded in these log records is a difficult task if manual inspection or keyword searches are used. In this work, we propose a method for identifying anomalies in a forensic timeline. We use deep autoencoders as a machine learning technique to establish a baseline for normal activities in log files. Furthermore, we set an anomaly threshold of reconstruction value based on the constructed baseline. We then plot these anomalous events on a forensic timeline. Our experiments indicate that the proposed method achieves superior performance compared to other log anomaly detection methods with overall mean F1 score and accuracy of 94.036% and 96.720%, respectively.

Original languageEnglish
Article number103002
JournalJournal of Information Security and Applications
Publication statusPublished - Dec 2021


  • Anomaly detection
  • Autoencoders
  • Feature extraction
  • Forensic timeline


Dive into the research topics of 'Anomaly detection in a forensic timeline with deep autoencoders'. Together they form a unique fingerprint.

Cite this