Abstract— Metadata is information embedded in a file that describes the file. When the main evidence is handled with a metadata-based approach, the search for correlated files that can uncover various cases of computer crime is still largely done manually. When correlated files are in separate locations (folders), the number of files will certainly be a formidable challenge for forensic investigators analyzing the evidence. In this study, we build a prototype that uses a metadata-based approach to automatically analyze the correlation of the main evidence file with associated files, or files deemed relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. The prototype reads the metadata characteristics of Jpg, Docx, Pdf, Mp3 and Mp4 files and analyzes the correlation of digital evidence using the specified parameters, so that it can multiply the findings of evidence and facilitate analysis of digital evidence. The correlation analysis found fewer correlated files when using the parameters Author, Size, File Type and Date, and more correlated files when Size and File Type were left out, because files of various extensions and sizes then match.
Keywords: Metadata, Forensic, Correlation, Digital, Evidence
I. INTRODUCTION
As the heterogeneity of digital evidence in investigations continues to evolve with technological advances, we are faced with newer digital devices, more artifacts and a variety of file formats. These developments bring benefits while at the same time providing new opportunities for crime in information technology [1]. In many cases there is digital evidence that can assist officers in uncovering a criminal case. One such source is information about the contents of data or a file, called file metadata.
Metadata is information embedded in a file in the form of annotations about the file. Metadata contains information about the contents of data, used for the purpose of file or data management, later in a database [2]. Metadata is often called "information about information" or "data about data" [2].
So far, forensic investigators handling the main evidence with a metadata-based approach still search manually for correlations between related files. However, when correlated files are in separate locations (folders), the number of files will certainly be a formidable challenge for forensic investigators analyzing such digital evidence [1].
Metadata-based research has been conducted by, among others, [3], which links data with other information: the user accessing it, the file directory where it was stored, the last time it was copied, and so on. Subsequent research analyzed and verified metadata associated with images and tracked them using GPS features [7].
To facilitate the process of correlation analysis, [5] built the AssocGEN analysis system, which uses metadata to determine associations between user file artifacts, logs and network packet dumps, and identifies metadata to classify and determine correlations between artifacts and related artifact groups. Previous research has addressed forensic metadata, but with different tools and parameters. Metadata-based forensics was studied in [4], where a forensic metadata system reads metadata characteristics in general and searches for correlated files using one of the parameters file owner, file size, file date and file type. According to [5], using forensic metadata tools greatly helps investigators analyze the correlation of digital evidence.
This study therefore builds a prototype to understand and read the characteristics of metadata, both in general and in specific detail, and to identify and analyze metadata correlations in order to automatically group related files, or relationships considered relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. Using some or all of the specified parameters multiplies the findings of evidence and facilitates analysis of digital evidence. This research is expected to contribute to forensic analysts in analyzing the correlation of digital evidence with a metadata-based approach.
II. LITERATURE REVIEW
Several earlier studies related to forensic metadata serve as references for this research, among others the following.
The work in [5] built the AssocGEN analysis system, which uses metadata to determine associations between user file artifacts, logs and network packet dumps, and identifies metadata to group and specify correlations between artifacts and related artifact groups.
Other studies use various formats and metadata types to validate different types of documents and files that have a number of formats and metadata types, which can be used to find properties of a file, a document or the activity of a network. In addition, metadata is widely used in any condition, where it can provide a variety of evidence between a group of people, as some do not know the type of information stored in their documents [6].

Correlation Analysis Of Forensic Metadata For Digital Evidence
Zaenudin, Department of Informatics, Universitas Islam Indonesia, Yogyakarta, Indonesia; STMIK Mataram, Indonesia (15917124@students.uii.ac.id)
Bambang Sugiantoro, Department of Information System, UIN Sunan Kalijaga, Yogyakarta, Indonesia (bambang.sugiantoro@uin-suka.ac.id)
Yudi Prayudi, Department of Informatics, Universitas Islam Indonesia, Yogyakarta, Indonesia (prayudi@uii.ac.id)
International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018, https://sites.google.com/site/ijcsis/, ISSN 1947-5500

The research in [3] aims at the forensic examination of metadata, that is, linking data with other information: the users who access it, the file directory where it is stored, when it was last copied, and so forth. In a case, metadata can produce indirect evidence to support other evidence [3]. Further research analyzes and verifies metadata associated with images and tracks them using GPS features (GPS Height, GPS Latitude, GPS Longitude and GPS position, using the geotagging feature) [7].
Subsequent research analyzed the BitCurator project to develop an extensible strategy for converting and combining digital forensic metadata into the archive metadata scheme, focusing on metadata generated by the open-source Digital Forensic (DFXML) tool [8]. Related research created a metadata application that reads file metadata in general and can find files based on file correlation with one of the parameters of the file metadata [4].
Building on the literature above, this study builds a prototype to understand and read metadata characteristics, both in general and in specific detail, and to identify and analyze metadata correlations in order to automatically group related files, or relationships deemed relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. Using some or all of the specified parameters multiplies the findings of evidence and facilitates analysis of digital evidence. This research is expected to contribute to forensic analysts in analyzing the correlation of digital evidence with a metadata-based approach.
III. BASIC THEORY
A. Tools
The tool used to build the forensic metadata system is NetBeans. NetBeans is a Java-based Integrated Development Environment (IDE) application from Sun Microsystems that runs on Swing. Swing is a Java technology for desktop application development that can run on various platforms such as Windows, Linux, Mac OS X and Solaris. An IDE is a programming environment integrated into a software application that provides a Graphical User Interface (GUI), a text or code editor, a compiler and a debugger [9].
B. Classification of Digital Evidence
In an investigation, evidence is essential to the progress of the case, because it is the evidence that is analyzed to reveal the motives and perpetrators of the crime. Investigators are expected to understand the types of evidence so that, during an investigation, they recognize which evidence has priority. There are several similar terms, namely electronic evidence, digital evidence and evidence findings.
Electronic evidence is physical and visually recognizable (computer, mobile phone, camera, CD, hard drive, tablet, CCTV, etc.), while digital evidence is evidence that is extracted or recovered from electronic evidence (file, email, SMS, image, video, logs, text). Digital evidence is obtained from electronic evidence by analyzing it. Types of digital evidence include, among others, email / email addresses, web history / cookies, image files, logical files, deleted files, lost files, slack files, log files, encrypted files, steganography files, office files, audio files, video files, user IDs and passwords, Short Message Service (SMS), Multimedia Message Service (MMS) and call logs.
Evidence findings are digital evidence made more meaningful as the output of the investigator's analysis, leading directly to the reconstruction of the case at hand. In this case, digital evidence is information directly related to the data the investigator requires in the investigation process [10].
C. Metadata Concepts
Metadata can be interpreted as "data about (spatial) data": it contains information about data characteristics and plays an important role in data exchange mechanisms. Through metadata, data users are expected to interpret the data in the same way as when they look at the spatial data directly. A metadata document contains information that describes the characteristics of the data, especially its content, quality, condition and the manner of obtaining it. Metadata is used to document the pertinent facts about spatial data: who prepared it, what it is, and when, where and how it was prepared.
There are several types of file metadata. Descriptive metadata is data that identifies the source of information so that it can be used to facilitate discovery and selection. It covers the author, title, year of publication, subject or keyword headings and other information that is filled in the same way as in a traditional catalog. Administrative metadata is data that identifies not only the source of information but also how it is managed. Its scope is the same as that of descriptive data, with the addition of the data creator, the time of creation, the file type and other technical data. It also contains information about access rights, intellectual property rights, and the storage and preservation of information resources. Structural metadata is data that relates pieces of data to each other. More explicitly, this metadata is used to determine the relationship between physical files and pages, pages and chapters, and chapters and the book as the final product [11].
D. Test Flow Metadata Forensic Systems
In this forensic metadata research for the correlation analysis of evidence, testing has two stages: a test of reading the metadata characteristics and a test of performing the metadata correlation.
a) Metadata File Characteristic Reading Flow
The steps for using the application to view the characteristics of a metadata file are described in the flowchart in Figure 2 below:
[Flowchart: Start → Input BD Files (Docx, Pdf, Jpg, Mp3, Mp4) → The Process of Recognizing and Reading File Metadata → Metadata File? Y (yes): Metadata File Read → End; T (no): Metadata File Not Read]
Figure 2. Flowchart Reading Characteristics of Metadata File
The test of reading metadata characteristics with the forensic metadata system proceeds as follows. First the forensic metadata system is started. The digital evidence file whose metadata is to be read is then given as input, and the system recognizes and reads the file's metadata. If the metadata cannot be read, the flow returns to the evidence file input. If the metadata can be read, it is displayed directly, and the program then closes or finishes.
b) Metadata File Correlation Testing Flow
The steps for using the application to perform file correlation are described in the flowchart in Figure 3 below:
[Flowchart: Start → Input BD Files (Docx, Pdf, Jpg, Mp3, Mp4) → The Process of Recognizing and Reading File Metadata → Select Path Location → Select Correlation Options with parameters (Author, File Type, File Size, File Date) → Search Process Correlation Metadata file → Files? Y (yes): Files Found → Associated Processing / Grouping BD Processing → End; T (no): Files Not Found]
Figure 3. Flowchart Process Testing System / Tools Correlation Metadata file
First the forensic metadata system is started, and the main evidence file is given as input so that its metadata can be read. The system recognizes and reads the file's metadata. The investigator then selects the path location for the correlation and selects the correlation option with its parameters, and the system searches for metadata correlations based on the selected parameters. If no file is found, the flow returns to the correlation options. If correlated files are found, the flow proceeds to the analysis process, after which the system finishes.
IV. RESEARCH METHODS
The method used in forensic metadata research for this
correlation analysis of digital evidence can be seen in Figure
1 below:
Figure 1. The Proposed Methodology
The research methodology is divided into three stages. The first stage consists of problem identification and literature review. The second stage, design and testing of the tools, consists of data collection methods, system requirements analysis, system design, system implementation and tool testing, and analysis of the test results. The final stage is the completion stage, in which the conclusions are drawn and the research report is prepared.
V. ANALYSIS AND RESULT
In this study, the prototype has been built from implementation through to the analysis and discussion of results. The prototype was tested with a set of predefined files to analyze the metadata correlation with the specified parameters.
A. Results of Reading File Metadata Characteristics
The main evidence file whose metadata is to be read is first selected by browsing. The program then processes it until the metadata is identified, and the metadata appears in the general, checksum and detail tables, as in Table 1 below:
Table 1. The result of reading metadata image file TTD.jpg
No | Kind of Metadata | Value
---|------------------|------
1 | Location file | E:\Bahan-Bahan\TTD.jpg
2 | Name File | TTD.jpg
3 | Type File | Jpg
4 | Author | Zen Alkarami
5 | Computer | DESKTOP-HJQGNJT
6 | Owner | 46 DESKTOP-HJQGNJT\Zen
B. Results of File Metadata Correlation Analysis
The correlation analysis of file metadata is based on the parameters Author, Size, File Type and Date. It was tested with files with the extensions Jpg, Docx, Pdf, Mp3 and Mp4 in one folder, as follows:
a) Correlation Results with Author, Size, File Type and Date Parameters
The evidence file for the correlation analysis is TTD.jpg, whose metadata has Author "Zen Alkarami", File Size "327946 byte", file type "Jpg" and date "January 24, 2018". The search was run over the files located in the materials folder with the option "equals". It found 2 files whose Author is "Zen Alkarami", whose file size is "327946 bytes", whose file extension is "Jpg" and whose date, "January 24, 2018", is the same as the date in the metadata of the TTD.jpg file in that location. The implementation view is shown in Figure 4 and the results of the analysis in Table 4 below:
Figure 4. Display of Correlation Implementation with
Author, Size, File Type and Date Parameters
Table 4. Correlation Results Based on Author, Size, File Type and Date Parameters
File Name | Size | Date Creation | Date Modification | Path
----------|------|---------------|-------------------|-----
gambar.jpg | 327946 | 2018-01-24 04:13:54 | 2018-01-25 10:51:09 | E:\Bahan-Bahan\gambar.jpg
TTD.jpg | 327946 | 2018-01-24 04:13:52 | 2018-01-24 04:13:54 | E:\Bahan-Bahan\TTD.jpg
b) Correlation Results Without Parameters Size and File Type
The correlation analysis without the parameters Size and File Type searches across files of various types and sizes, so it returns more, and more varied, files correlated with the evidence file TTD.jpg. The analysis found 6 files whose metadata has Author "Zen Alkarami" and date "24-Januari-2018", with file types "Mp3, Pdf, Jpg and Docx" and different file sizes. The implementation view is shown in Figure 5 and the results in Table 5 below:
Figure 5. Show Correlation Implementation Without
Parameter Size and File Type
Table 5. Results Correlation Without Parameters Size and File Type
File Name | Size | Date Creation | Date Modification | Path
----------|------|---------------|-------------------|-----
audio.mp3 | 327946 | 2018-01-24 04:13:54 | 2018-01-25 07:03:23 | E:\Bahan-Bahan\audio.mp3
Daftar TTD.pdf | 6507 | 2018-01-24 04:17:18 | 2018-01-24 04:17:17 | E:\Bahan-Bahan\Daftar TTD.pdf
format.pdf | 327946 | 2018-01-24 04:13:54 | 2018-01-25 07:03:23 | E:\Bahan-Bahan\format.pdf
Gambar.jpg | 327946 | 2018-01-24 04:13:54 | 2018-01-25 10:51:09 | E:\Bahan-Bahan\Gambar.jpg
Surat Pernyataan.docx | 12490 | 2018-01-24 04:17:00 | 2018-01-24 04:16:59 | E:\Bahan-Bahan\Surat Pernyataan.docx
TTD.jpg | 327946 | 2018-01-24 04:13:52 | 2018-01-24 04:13:54 | E:\Bahan-Bahan\TTD.jpg
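The reading and correlation flows of Section III.D and the two result sets above, as an added Python example; it is not the authors' NetBeans/Java prototype, and it generalizes the "equals" match to any subset of the four parameters. The names `docx_author`, `read_metadata`, `scan` and `correlate` are hypothetical, the records are transcribed from Table 5 plus one constructed non-matching row, and matching on the creation day is an assumption inferred from the tables.

```python
import hashlib
import os
import xml.etree.ElementTree as ET
import zipfile
from datetime import datetime

PARAMS = ("author", "size", "file_type", "date")
DC_CREATOR = "{http://purl.org/dc/elements/1.1/}creator"
MAX_CORE_XML = 1 << 20  # evidence files are untrusted: cap what gets decompressed


def docx_author(path):
    """Return dc:creator from docProps/core.xml, or None if it cannot be read."""
    try:
        with zipfile.ZipFile(path) as zf:
            info = zf.getinfo("docProps/core.xml")
            if info.file_size > MAX_CORE_XML:
                return None
            node = ET.fromstring(zf.read(info)).find(DC_CREATOR)
    except (KeyError, OSError, zipfile.BadZipFile, ET.ParseError):
        return None
    return node.text if node is not None else None


def read_metadata(path):
    """Read the fields the correlation uses, plus a SHA-256 checksum."""
    st = os.stat(path)
    # Assumption: use the birth time where the OS exposes it, else fall back to mtime.
    created = getattr(st, "st_birthtime", st.st_mtime)
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {
        "name": os.path.basename(path),
        # Only Docx is parsed here; Jpg/Pdf/Mp3/Mp4 author tags need their own parsers.
        "author": docx_author(path) if ext == "docx" else None,
        "size": st.st_size,
        "file_type": ext,
        "date": datetime.fromtimestamp(created).date().isoformat(),
        "sha256": digest.hexdigest(),
    }


def scan(root):
    """Collect metadata for every file below root, including sub-folders."""
    return [read_metadata(os.path.join(d, f)) for d, _, fs in os.walk(root) for f in fs]


def _norm(field, value):
    """Normalize a value so that 'equals' ignores case, spacing and time of day."""
    if value is None:
        return None
    if field == "author":
        return " ".join(str(value).split()).casefold()
    if field == "file_type":
        return str(value).lstrip(".").lower()
    if field == "date":
        return str(value)[:10]  # YYYY-MM-DD part of an ISO timestamp
    return value


def correlate(evidence, candidates, params=PARAMS):
    """Return candidates equal to the evidence record on every selected parameter."""
    if not params or set(params) - set(PARAMS):
        raise ValueError("params must be a non-empty subset of %r" % (PARAMS,))
    key = tuple(_norm(p, evidence.get(p)) for p in params)
    if None in key:
        raise ValueError("evidence has no value for a selected parameter")
    # A candidate with a missing value never matches, because key contains no None.
    return [c for c in candidates
            if tuple(_norm(p, c.get(p)) for p in params) == key]


def _row(name, size, created, author="Zen Alkarami"):
    return {"name": name, "author": author, "size": size,
            "file_type": name.rsplit(".", 1)[-1], "date": created}


# Rows 1-6 are transcribed from Table 5; the last row is constructed for contrast.
RECORDS = [
    _row("audio.mp3", 327946, "2018-01-24 04:13:54"),
    _row("Daftar TTD.pdf", 6507, "2018-01-24 04:17:18"),
    _row("format.pdf", 327946, "2018-01-24 04:13:54"),
    _row("Gambar.jpg", 327946, "2018-01-24 04:13:54"),
    _row("Surat Pernyataan.docx", 12490, "2018-01-24 04:17:00"),
    _row("TTD.jpg", 327946, "2018-01-24 04:13:52"),
    _row("notes.docx", 12490, "2018-01-24 09:00:00", author="Another User"),
]
EVIDENCE = RECORDS[5]  # TTD.jpg, the main evidence file

if __name__ == "__main__":
    for chosen in (PARAMS, ("author", "size", "date"), ("author", "date")):
        hits = correlate(EVIDENCE, RECORDS, chosen)
        print(chosen, len(hits), [h["name"] for h in hits])
```

On a real case, `correlate(read_metadata(evidence_path), scan(folder), params)` runs the same match over a directory tree; the `sha256` field lets an analyst check whether files that agree on size are byte-identical.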
VI. CONCLUSION
Based on the results obtained in the discussion, the following can be concluded about forensic metadata research for the correlation analysis of digital evidence. The forensic metadata tool that was built can read the metadata of all file types on the computer, both in general and in detail, including the files tested as samples. Based on the test of reading metadata characteristics, the metadata can be understood as being divided into three main parts. General metadata consists of file location, file name, file type / file extension, Author, Owner and Computer. Checksum metadata consists of the MD5 and SHA-256 values. Detail metadata consists of creation time, last access time, last modified time, directory, other, regular file, symbolic link, size, Make, Model, Orientation, X Resolution, Y Resolution, Resolution Unit, Software, Date / Time, Positioning, Exposure Time, F-Number, Exposure Program and so on. The method used to find metadata characteristics and metadata correlation is the use of forensic metadata tools. The tools used are the work of the researchers themselves. Based on the test of metadata correlation analysis, the parameters Author, Size, File Type and Date find fewer files than the analysis without the parameters Size and File Type, which finds files with various extensions and file sizes.
VII. FUTURE WORK
The suggestions for further research are as follows. Future research should perform correlation analysis with more than metadata parameters alone. Further development and research should add a multi-location or multi-drive option for browsing the main evidence file.
REFERENCES
[1] S. Raghavan and S. V. Raghavan, 2014. “AssocGEN: Engine for analyzing metadata based associations in digital evidence,” Int. Work. Syst. Approaches Digit. Forensics Eng., SADFE,
[2] J. Riley, 2017. Understanding Metadata: What Is Metadata, and What is it for?.
[3] A. Spore, 2016. “Report Information from ProQuest,” no. June,
[4] Subli, Sugiantoro & Prayudi, 2017. “Forensic Metadata to support the investigation process of the "scientific journal DASI
[5] S. Raghavan and S. V Raghavan, 2013. “A study of forensic & analysis tools,” 2013 8th Int. Work. Syst. Approaches to Digit. Forensics Eng., pp. 1–5,
[6] F. Alanazi and A. Jones, “The Value of Metadata in Digital Forensics,” Proc. - 2015 Eur. Intell. Secur. Informatics Conf. EISIC 2015, vol. 8, no. 2011, p. 182,
[7] P. R. Kumar, C. Srikanth, and K. L. Sailaja, 2016. “Location Identification of the Individual based on Image Metadata,” Procedia Comput. Sci., vol. 85, no. Cms, pp. 451–454, 2016.
[8] L. Drive, M. Hall, C. Hill, K. Woods, A. Chassanoff, and C. a Lee, 2013. “Managing and Transforming Digital Forensics Metadata for Digital Collections,” 10th Int. Conf. Preserv. Digit. Objects, no. November, pp. 203–208,
[9] R. Sharma and S. Koshy, 2011. “Promoting Open Source Technology in Education : NetBeans : The Perfect Open Source IDE,” vol. 4333, pp. 571–575,
[10] Y. Prayudi, 2014. “Problema Dan Solusi Digital Chain Of Custody Dalam Proses Investigasi,” April,
[11] U. Salama, V. Varadharajan, M. Hitchens, and DUMMY, 2012. “Metadata Based Forensic Analysis of Digital Information in the Web,” Annu. Symp. Inf. Assur. Secur. Knowl. Manag., pp. 9–15,

 
Semantically-Enabled Digital Investigations - Research Overview
Semantically-Enabled Digital Investigations - Research OverviewSemantically-Enabled Digital Investigations - Research Overview
Semantically-Enabled Digital Investigations - Research Overview
 
Di d dlf_handout
Di d dlf_handoutDi d dlf_handout
Di d dlf_handout
 
Data management plans
Data management plansData management plans
Data management plans
 
Efficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted DataEfficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted Data
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Decision Support for E-Governance: A Text Mining Approach
Decision Support for E-Governance: A Text Mining ApproachDecision Support for E-Governance: A Text Mining Approach
Decision Support for E-Governance: A Text Mining Approach
 
Preservation Metadata
Preservation MetadataPreservation Metadata
Preservation Metadata
 
Saa Session 502 Born Digital Archives in Collecting Repositories
Saa Session 502 Born Digital Archives in Collecting RepositoriesSaa Session 502 Born Digital Archives in Collecting Repositories
Saa Session 502 Born Digital Archives in Collecting Repositories
 
Applying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital EvidenceApplying Data Mining Principles in the Extraction of Digital Evidence
Applying Data Mining Principles in the Extraction of Digital Evidence
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Correlation Analysis of Forensic Metadata for Digital Evidence

Zaenudin, Department of Informatics, Universitas Islam Indonesia, Yogyakarta, Indonesia; STMIK Mataram, Indonesia (15917124@students.uii.ac.id)
Bambang Sugiantoro, Department of Information System, UIN Sunan Kalijaga, Yogyakarta, Indonesia (bambang.sugiantoro@uin-suka.ac.id)
Yudi Prayudi, Department of Informatics, Universitas Islam Indonesia, Yogyakarta, Indonesia (prayudi@uii.ac.id)

International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 3, March 2018, pp. 85-89, https://sites.google.com/site/ijcsis/, ISSN 1947-5500

Abstract— Metadata is information embedded in a file that describes the file. In the handling of the main evidence with a metadata-based approach, the search for correlated files to uncover various cases of computer crime is still largely manual. However, correlated files in separate locations (folders) and the sheer number of files pose a formidable challenge for forensic investigators analyzing the evidence. In this study, we build a prototype that uses a metadata-based approach to automatically analyze the correlation of the main evidence file with associated files, or files deemed relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. The analysis reads the metadata characteristics of files of type Jpg, Docx, Pdf, Mp3 and Mp4 and correlates digital evidence using the specified parameters, so that it can multiply the findings of evidence and facilitate the analysis of digital evidence. The correlation analysis found that using the parameters Author, Size, File Type and Date yields fewer correlated files, while searching without the Size and File Type parameters yields more correlated files because files of various extensions and sizes are included.

Keywords: Metadata, Forensic, Correlation, Digital, Evidence

I. INTRODUCTION

As the heterogeneity of digital evidence in investigations continues to evolve with technological advances, we are faced with newer digital devices, more artifacts and a variety of file formats. These developments bring benefits while at the same time providing new opportunities for crime in information technology [1]. In many cases there is digital evidence that can assist the officer in uncovering a criminal case. One source of it is information about the contents of data or a file, called file metadata.

Metadata is information embedded in a file in the form of annotations of the file. Metadata contains information about the contents of data, used for the purpose of managing files or data, later in a database [2]. Metadata is often called "information about information" or "data about data" [2]. So far, forensic investigators handling the main evidence with a metadata-based approach still search for correlations between related files manually. However, correlated files in separate locations (folders) and the sheer number of files pose a formidable challenge for forensic investigators analyzing such digital evidence [1].

Metadata-based research has been conducted by, among others, [3], which links data with other information: the user accessing it, the file directory where it was stored, the last time it was copied, and so on. Subsequent research analyzed and verified metadata associated with images and tracked them using GPS features [7]. To facilitate correlation analysis, another study built the AssocGEN analysis system, which uses metadata to determine the associations between user file artifacts, logs and network packet dumps, and identifies metadata to classify and determine correlations between artifacts and related artifact groups [5]. Forensic metadata work has been done in previous research, but with different tools and parameters. Metadata-based forensics research was done by [4], in which a forensic metadata system is used to read metadata characteristics in general and to look for correlated files with one metadata parameter: file owner, file size, file date or file type. According to [5], using forensic metadata tools greatly facilitates investigators in analyzing the correlation of digital evidence.

This study therefore builds a prototype to understand and read metadata characteristics in general and specific metadata in detail, and to identify and analyze metadata correlations in order to automatically group related files, or relationships considered relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. Using some and all of the specified parameters multiplies the findings of evidence and facilitates the analysis of digital evidence. This research is expected to contribute to forensic analysts in analyzing the correlation of digital evidence with a metadata-based approach.

II. LITERATURE REVIEW

Several previous studies related to forensic metadata serve as references for this research. One study built the AssocGEN analysis system, which uses metadata to determine the associations between user file artifacts, logs and network packet dumps, and identifies metadata to group and specify correlations between artifacts and related artifact groups [5]. Other studies use various formats and metadata types to validate different types of documents and files that have a number of formats and metadata types, which can be used to find properties of a file, a document or network activity. In addition, metadata is widely used in any condition, where metadata can provide a variety of evidence between a group of people, as some do not know the type of information stored in their documents [6]. Another study aims at the forensic examination of metadata, linking data with other information: the users who access it, the file directory where it is stored, when it was last copied, and so forth. In a case, metadata can produce indirect evidence to support other evidence [3]. Further research analyzes and verifies metadata associated with images and tracks them using GPS features, based on GPS height, GPS latitude, GPS longitude and GPS position from the geotagging feature [7]. Subsequent research analyzed the BitCurator project, which develops an extensible strategy for converting and combining digital forensic metadata into archival metadata schemas and focuses on metadata generated by the open-source digital forensic (DFXML) tool [8]. Related research created a metadata application that reads file metadata in general and can find files based on correlation with one of the file metadata parameters [4].

Building on the above literature, this study builds a prototype for understanding and reading metadata characteristics in general and specific metadata in detail, and for identifying and analyzing metadata correlations in order to automatically group related files, or relationships deemed relevant in the context of the investigation, based on the metadata parameters Author, Size, File Type and Date. Using some and all of the specified parameters multiplies the findings of evidence and facilitates the analysis of digital evidence. This research is expected to contribute to forensic analysts in analyzing the correlation of digital evidence with a metadata-based approach.

III. BASIC THEORY

A. Tools

The tool used to build the forensic metadata system is NetBeans. NetBeans is a Java-based Integrated Development Environment (IDE) application from Sun Microsystems that runs on Swing. Swing is a Java technology for desktop application development that can run on various platforms such as Windows, Linux, Mac OS X and Solaris. An IDE is a programming environment integrated into a software application that provides a Graphical User Interface (GUI), a text or code editor, a compiler and a debugger [9].

B. Classification of Digital Evidence

In an investigation, evidence is very important for the continuation of the case, because the evidence is analyzed to reveal the motives and perpetrators of the crime. Investigators are expected to understand the types of evidence so that during the investigation they recognize which evidence has priority. There are several similar terms: electronic evidence, digital evidence and evidence findings. Electronic evidence is physical and visually recognizable (computer, mobile phone, camera, CD, hard drive, tablet, CCTV, etc.), while digital evidence is evidence that is extracted or recovered from electronic evidence (file, email, SMS, image, video, logs, text). Digital evidence is obtained by analyzing electronic evidence; types of digital evidence include, among others, email / email address, web history / cookies, image files, logical files, deleted files, lost files, slack files, log files, encrypted files, steganography files, office files, audio files, video files, user ID and password, Short Message Service (SMS), Multimedia Message Service (MMS) and call logs. Evidence findings are digital evidence made more meaningful as the output of the investigators' analysis, leading directly to the reconstruction of the case. In this case, digital evidence is information directly related to the data required by the investigator in the investigation process [10].

C. Metadata Concepts

Metadata can be interpreted as "data about (spatial) data": it contains information about data characteristics and plays an important role in data exchange mechanisms. Through metadata, data users are expected to interpret the data in the same way as when they look at the spatial data directly. A metadata document contains information that describes the characteristics of the data, especially its content, quality, condition and manner of acquisition. Metadata is used to document the who, what, when, where and how of the preparation of spatial data.

There are several types of metadata. Descriptive metadata is data that identifies the source of information so that it can be used to facilitate discovery and selection. It covers the author, title, year of publication, subject or keyword headings and other information that is filled in the same way as in a traditional catalog. Administrative metadata is data that identifies not only the source of information but also how it is managed. Its scope is the same as descriptive metadata, with the addition of the data creator, the time of creation, the file type and other technical data. It also contains information about access rights, intellectual property rights, and the storage and preservation of information resources. Structural metadata is data that relates related data to each other. More explicitly, this metadata is used to determine the relationships between physical files and pages, pages and chapters, and chapters and the book as the final product [11].

D. Test Flow of the Metadata Forensic System

Forensic metadata research for correlation analysis of evidence includes two testing stages: testing to read metadata characteristics and testing to perform metadata correlation.

a) Metadata File Characteristic Reading Flow

The steps for using the application to view the metadata characteristics of a file are shown in the flowchart in Figure 2.

[Flowchart: Start → Input BD Files (Docx, Pdf, Jpg, Mp3, Mp4) → The Process of Recognizing and Reading File Metadata → decision "Metadata File": Y → Metadata File Read → End; N → Metadata File Not Read]

Figure 2. Flowchart Reading Characteristics of Metadata File

The testing process for reading metadata characteristics with the forensic metadata system is as follows. First the forensic metadata system is started, then the digital evidence file whose metadata is to be read is input, followed by the process of recognizing and reading the file metadata. If the file metadata cannot be read, the flow returns to the input of the evidence file; metadata that can be read is displayed directly, and finally the program is closed or finished.

b) Metadata File Correlation Testing Flow

The steps for using the application to perform file correlation are shown in the flowchart in Figure 3.

[Flowchart: Start → Input BD Files (Docx, Pdf, Jpg, Mp3, Mp4) → The Process of Recognizing and Reading File Metadata → Select Path Location → Select Correlation Options with parameters (Author, File Type, File Size, File Date) → Search Process Correlation Metadata file → decision "Files": Y → Files Found → Associated Processing / Grouping BD Processing → End; N → Files Not Found]

Figure 3. Flowchart Process Testing System / Tools Correlation Metadata file

First the forensic metadata system is started, then the main evidence file is input so that its metadata can be read, followed by the process of recognizing and reading the file metadata. Next the location of the correlation path is selected, and then the correlation option with its parameters. The system then searches for metadata correlations based on the selected parameters. If no file is found, the flow returns to the correlation options; if correlated files are found, it proceeds to the analysis process, after which the system is finished.

IV. RESEARCH METHODS

The method used in this forensic metadata research for correlation analysis of digital evidence is shown in Figure 1.

Figure 1. The Proposed Methodology

The research methodology is broadly divided into three stages. The first stage consists of problem identification and literature review. The second stage, the design and testing of the tool, consists of data collection methods, system requirements analysis, system design, system implementation and tool testing, and analysis of test results. The final stage is the completion stage: the conclusion, which contains the preparation of the research report.

V. ANALYSIS AND RESULT

In this study, the prototype was built from implementation through to the results of analysis and discussion. The prototype was tested with a number of predefined files to analyze metadata correlation with the specified parameters.

A. Results of Reading File Metadata Characteristics

The main evidence file whose metadata is to be read is first selected via browse; the program then processes it until the metadata is identified, and the metadata is displayed in the general, checksum and detail tables, as in Table 1.

Table 1. The result of reading metadata of the image file TTD.jpg

| No | Kind of Metadata | Value |
|----|------------------|-------|
| 1 | Location file | E:\Bahan-Bahan\TTD.jpg |
| 2 | Name File | TTD.jpg |
| 3 | Type File | Jpg |
| 4 | Author | Zen Alkarami |
| 5 | Computer | DESKTOP-HJQGNJT |
| 6 | Owner | 46 DESKTOP-HJQGNJT\Zen |

B. Results of File Metadata Correlation Analysis

The correlation analysis of file metadata is based on the parameters Author, Size, File Type and Date, tested on files with the extensions Jpg, Docx, Pdf, Mp3 and Mp4 in one folder, as follows.

a) Correlation Results with Author, Size, File Type and Date Parameters

The file used for the correlation analysis is TTD.jpg, whose metadata is Author "Zen Alkarami", File Size "327946 bytes", File Type "Jpg" and date "January 24, 2018". The search was run over the files located in the materials folder with the option "equals", and found 2 files whose Author is "Zen Alkarami", file size "327946 bytes", file extension "Jpg" and date equal to "January 24, 2018", the date in the metadata of the TTD.jpg file in that location. The implementation view is shown in Figure 4 and the results of the analysis in Table 4.

Figure 4. Display of Correlation Implementation with Author, Size, File Type and Date Parameters

Table 4. Correlation Results Based on Author, Size, File Type and Date Parameters

| File Name | Size | Date Creation | Date Modification | Path |
|-----------|------|---------------|-------------------|------|
| gambar.jpg | 327946 | 2018-01-24 04:13:54 | 2018-01-25 10:51:09 | E:\Bahan-Bahan\gambar.jpg |
| TTD.jpg | 327946 | 2018-01-24 04:13:52 | 2018-01-24 04:13:54 | E:\Bahan-Bahan\TTD.jpg |

b) Correlation Results Without Parameters Size and File Type

Correlation analysis without the Size and File Type parameters searches across files of various types and sizes, so the correlation results for the evidence file TTD.jpg are more varied and more numerous. It found 6 files whose metadata Author is "Zen Alkarami" and date "24-Januari-2018", with file types "Mp3, Pdf, Jpg and Docx" and different file sizes. The implementation view is shown in Figure 5 and the results in Table 5.

Figure 5. Show Correlation Implementation Without Parameter Size and File Type

Table 5. Results Correlation Without Parameters Size and File Type

| File Name | Size | Date Creation | Date Modification | Path |
|-----------|------|---------------|-------------------|------|
| audio.mp3 | 327946 | 2018-01-24 04:13:54 | 2018-01-25 07:03:23 | E:\Bahan-Bahan\audio.mp3 |
| Daftar TTD.pdf | 6507 | 2018-01-24 04:17:18 | 2018-01-24 04:17:17 | E:\Bahan-Bahan\Daftar TTD.pdf |
| format.pdf | 327946 | 2018-01-24 04:13:54 | 2018-01-25 07:03:23 | E:\Bahan-Bahan\format.pdf |
| Gambar.jpg | 327946 | 2018-01-24 04:13:54 | 2018-01-25 10:51:09 | E:\Bahan-Bahan\Gambar.jpg |
| Surat Pernyataan.docx | 12490 | 2018-01-24 04:17:00 | 2018-01-24 04:16:59 | E:\Bahan-Bahan\Surat Pernyataan.docx |
| TTD.jpg | 327946 | 2018-01-24 04:13:52 | 2018-01-24 04:13:54 | E:\Bahan-Bahan\TTD.jpg |

VI. CONCLUSION

Based on the results obtained in the discussion, the following can be concluded from this forensic metadata research for correlation analysis of digital evidence. The forensic metadata tool that was built can read all file types specifically on the computer, both in general and in detail, including the files tested as samples. Based on the test of reading metadata characteristics, metadata can be understood in general as divided into three main parts. General metadata is the file location, file name, file type / file extension, author, owner and computer. Checksum metadata is the MD5 and SHA-256 values. Detail metadata is the creation time, last access time, last modified time, directory, other, regular file, symbolic link, size, Make, Model, Orientation, X Resolution, Y Resolution, Resolution Unit, Software, Date / Time, Positioning, Exposure Time, F-Number, Exposure Program and so on. The method used to find metadata characteristics and metadata correlations is the forensic metadata tool, which is the researchers' own work. Based on the metadata correlation test, the analysis with the parameters Author, Size, File Type and Date found fewer files than the analysis without the Size and File Type parameters, which found files with various extensions and file sizes.

VII. FUTURE WORK

Suggestions for further research are as follows. Future research should perform correlation analysis not only with metadata parameters. Further development and research should add a multi-location or multi-drive option for browsing the main evidence file.

REFERENCES

[1] S. Raghavan and S. V. Raghavan, "AssocGEN: Engine for analyzing metadata based associations in digital evidence," Int. Work. Syst. Approaches Digit. Forensics Eng., SADFE, 2014.
[2] J. Riley, Understanding Metadata: What Is Metadata, and What is it for?, 2017.
[3] A. Spore, "Report Information from ProQuest," no. June, 2016.
[4] Subli, Sugiantoro & Prayudi, "Forensic Metadata to support the investigation process of the," scientific journal DASI, 2017.
[5] S. Raghavan and S. V. Raghavan, "A study of forensic & analysis tools," 2013 8th Int. Work. Syst. Approaches to Digit. Forensics Eng., pp. 1–5, 2013.
[6] F. Alanazi and A. Jones, "The Value of Metadata in Digital Forensics," Proc. - 2015 Eur. Intell. Secur. Informatics Conf. EISIC 2015, vol. 8, no. 2011, p. 182.
[7] P. R. Kumar, C. Srikanth, and K. L. Sailaja, "Location Identification of the Individual based on Image Metadata," Procedia Comput. Sci., vol. 85, no. Cms, pp. 451–454, 2016.
[8] L. Drive, M. Hall, C. Hill, K. Woods, A. Chassanoff, and C. A. Lee, "Managing and Transforming Digital Forensics Metadata for Digital Collections," 10th Int. Conf. Preserv. Digit. Objects, no. November, pp. 203–208, 2013.
[9] R. Sharma and S. Koshy, "Promoting Open Source Technology in Education: NetBeans: The Perfect Open Source IDE," vol. 4333, pp. 571–575, 2011.
[10] Y. Prayudi, "Problema Dan Solusi Digital Chain Of Custody Dalam Proses Investigasi," April 2014.
[11] U. Salama, V. Varadharajan, M. Hitchens, and DUMMY, "Metadata Based Forensic Analysis of Digital Information in the Web," Annu. Symp. Inf. Assur. Secur. Knowl. Manag., pp. 9–15, 2012.