Saturday, November 14, 2015

 "Autopsy Feature: Graphical Timeline Analysis"
By: Basis Technology
Source: http://www.basistech.com/autopsy-feature-graphical-timeline-analysis-for-cyber-forensics/

Summary

The following article describes a tool developed to help investigators and intelligence professionals with timeline analysis. The tool is a timeline feature of the Autopsy software toolkit, which assists in forensic analysis of computer systems. Autopsy 3.0.5 will include the feature, allowing collection of timeline data for computer forensics.

The system scrapes data from various computer and web sources and arranges it into an activity timeline. In the example, it analyzed the activity concerning a JPEG file of a picture of Osama Bin Laden and displayed a bar chart showing the timeline of that activity. The article then describes other ways the tool can be used. At the macro level, an investigator can use the tool to see how a specific computer was used; the tool gives a picture of that computer's timeline. At the micro level, an investigator can use the tool to analyze the place where a specific breach took place and look at the timeline of events around the breach. In general, this tool gives a timeline autopsy of the computer world.

Critique

The tool itself appears to be quite useful; its only weakness is that it's only applicable to cyber situations. But general timeline analysis is pretty basic and can be done at a basic level fairly simply. My critique is of the method in general. I see it was useful in criminal investigations when identifying patterns is a vital goal and discovering clues is the primary "requirement". But when using it to formulate an intelligence estimate, I question how effective it is at actually providing a structured, reasonably unbiased estimate. It is, in my opinion, more of a tool to organize information/evidence and then use that timeline to move forward in your analysis. Simply using timeline analysis to make your estimate seems inadequate in most situations.


8 comments:

  1. This is not a journal article that in any way increases our ability to understand, evaluate, or perform timeline analysis - it is a how-to for a new feature on an outdated cyber forensics software (Autopsy 4.0 was released last month). While the feature and software do look interesting, this user's guide does not help.

    Replies
    1. Ya the literature was pretty scant from what I've found in regards to timeline analysis. I thought the software was interesting though for the cyber-forensics field, albeit this was just a snapshot. I'm sure soon enough there will be newer and better timeline related cyber forensic software.

    2. I agree with Andrew, the tool looks interesting but is irrelevant to our discussion.

  2. It sounds like this could be a powerful, if niche, piece of software. I just feel like I don't really understand what it does based off of your description. For example what kind of activity is being recorded in relation to the UBL jpeg?

    Replies
    1. If I understood it correctly, it looked at the macro-environment of computers who downloaded that image or had posted that image online. I think what they are trying to say is let's say today there is some active ISIS related photograph being talked about and posted online by known jihadists, if you had the file name you could then track the activity. I'm not 100% sure on that since I don't have the software but that's how I understood it.

  3. As you criticize, this tool only works for computer-related issues. Does the article mention or do you have any information about a generic tool that is applicable for distinct types of intelligence requirements?

    Replies
    1. No, I have not found any generic tools to use. I suppose basic Excel or Word is good enough to chart a timeline for analysis.

  4. Although this article may seem irrelevant to some because it does not further our understanding of the technique itself, I do appreciate its abilities as a tool. I do wish, however, that it was applicable to other issues that were not only computer related. Otherwise, Excel seems like the best tool for timeline analysis as of right now due to its flexibility.
