Rule-based Entity Recognition for Forensic Timeline

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Citations (Scopus)

Abstract

In digital forensics, the sequence of all events in a forensic image needs to be analyzed. Building a forensic timeline is one of the possible techniques. Naturally, the forensic timeline contains several standard entities, such as date, time, and host name. Another field provided by a forensic timeline is a message, which is a brief description of an event. To assist investigators in analyzing the incident, a more detailed identification of the entity name is needed from the message text. In this paper, rule-based entity recognition is proposed. We also discuss the advantages and disadvantages of this technique. Experimental results show that the entities in the message column have been annotated successfully.

Original languageEnglish
Title of host publication2023 Conference on Information Communications Technology and Society, ICTAS 2023 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665489300
DOIs
Publication statusPublished - 2023
Event7th Conference on Information Communications Technology and Society, ICTAS 2023 - Durban, South Africa
Duration: 8 Mar 20239 Mar 2023

Publication series

Name2023 Conference on Information Communications Technology and Society, ICTAS 2023 - Proceedings

Conference

Conference7th Conference on Information Communications Technology and Society, ICTAS 2023
Country/TerritorySouth Africa
CityDurban
Period8/03/239/03/23

Keywords

  • digital forensics
  • forensic timeline
  • log2timeline plaso
  • named entity recognition

Fingerprint

Dive into the research topics of 'Rule-based Entity Recognition for Forensic Timeline'. Together they form a unique fingerprint.

Cite this