{"id":5841,"date":"2025-09-02T14:55:43","date_gmt":"2025-09-02T12:55:43","guid":{"rendered":"https:\/\/cyberawareness.sk\/?p=5841"},"modified":"2026-03-27T12:42:20","modified_gmt":"2026-03-27T11:42:20","slug":"forensic-artifacts-analysis-using-graph-theory","status":"publish","type":"post","link":"https:\/\/cyberawareness.sk\/en\/2025\/09\/02\/forensic-artifacts-analysis-using-graph-theory\/","title":{"rendered":"Forensic Artifacts\u2019 Analysis using Graph Theory"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"5841\" class=\"elementor elementor-5841\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fa18013 e-flex e-con-boxed e-con e-parent\" data-id=\"fa18013\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-9f6d137 e-con-full e-flex e-con e-child\" data-id=\"9f6d137\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dd553b0 elementor-widget elementor-widget-ucaddon_square_icon_box\" data-id=\"dd553b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ucaddon_square_icon_box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<!-- start Icon Box -->\n\t\t<link id='font-awesome-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-all.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='font-awesome-4-shim-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-v4-shims.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='uc_ac_assets_file_blox_boxed_small_square_icon_box_css_0-css' href='https:\/\/cyberawareness.sk\/wp-content\/uploads\/ac_assets\/blox-boxed-small-square-icon-box\/blox-boxed-small-square-icon-box.css' type='text\/css' rel='stylesheet' >\n\n<style>\/* widget: Icon Box *\/\n\n#uc_square_icon_box_elementor_dd553b0 * { \n\tbox-sizing: border-box; \n}\n\n#uc_square_icon_box_elementor_dd553b0{\n\tfont-family: inherit;\n    transition:0.3s;\n    position:relative;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(0deg);\n    z-index:2;\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon {\n  display:inline-block;\n}\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon > div{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(-0deg);\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner{\n    line-height:1em;\n\t} \t\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner svg{\n    height:1em;\n    width:1em;\n\t} \t\n\t\n.blox-boxed-small-square-icon-box-heading{\n\tfont-size:21px;\n\t}\n\n\n#uc_square_icon_box_elementor_dd553b0:hover\n{\n  position:relative;\n  z-index:1;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue_box_button\n{\n  text-align:center;\n  text-decoration:none;\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 span.line\n{\n  display:block;\n  position:absolute;\n  top:0;\n  left:0;\n  width:0px;\n  transition:0.3s;\n}\n\n#uc_square_icon_box_elementor_dd553b0:hover span.line\n{\n  width:100%;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .ue-title-separator span\n{\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n\n\n\n<\/style>\n\n<div class=\"square_icon_box\" id=\"uc_square_icon_box_elementor_dd553b0\">\n  \n  \t\t  \n  \n              <div class=\"ue-icon\">\n       <a style=\"display:inline-block; text-decoration:none;\" href=\"https:\/\/ceur-ws.org\/Vol-3792\/paper26.pdf\" >         <div class=\"blox-boxed-small-square-icon-box-icon\" style=\"background-color: ;\">\n           <div class=\"ue-icon-inner\"><i class='fas fa-book'><\/i><\/div>\n         <\/div>\n       <\/a>       <\/div>\n         \n  \t\t        <div class=\"blox-boxed-small-square-icon-box-heading\">\n        \tArticle\n        <\/div>\n          \n  \t\t  \n  \n          \n  \t\t        \n          \n  \t\t  \n<\/div>\n<!-- end Icon Box -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e851db elementor-widget elementor-widget-text-editor\" data-id=\"8e851db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><b>Authors:<\/b> Sophia Petra Kri\u0161\u00e1kov\u00e1, Pavol Sokol, Rastislav Krivo\u0161-Bellu\u0161<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5a0a23 elementor-widget elementor-widget-heading\" data-id=\"e5a0a23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Abstract<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b77c4c2 elementor-widget elementor-widget-text-editor\" data-id=\"b77c4c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The number of cyber-attacks is constantly growing, and their sophistication is increasing due to new techniques and strategies of attackers. Organisations must continuously improve their methods of detecting and responding to these attacks to protect their networks and information systems. The time between the occurrence of a security incident and its identification takes an average of 100 &#8211; 200 days, with organisations having a response time of between 50 &#8211; 70 days. Our work aims to reduce this time so that organisations can respond to security incidents more quickly. In this work, we use graph theory for forensic analysis in the Windows operating system. The main objective of the work is to identify digital evidence and the relationships between them. For this purpose, we work with datasets from various Capture the Flag (CTF) competitions. We describe the processing stages of the digital evidence and their transformation into graphs and then identify anomalies and cycles in the graphs in order to provide readers with a deeper insight.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e39a89a elementor-widget elementor-widget-heading\" data-id=\"e39a89a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Introduction<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0aa2729 elementor-widget elementor-widget-text-editor\" data-id=\"0aa2729\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In the digital world, data and network security is a key concern for organisations of all sizes and industries. With the rise of cyber-attacks and their ever-changing nature, organisations must constantly adapt to protect their assets and ensure the security of their information. Cyber attackers are continuously developing new ways to penetrate systems and gain unauthorised access to sensitive data. As these attacks become more sophisticated, the challenge for organisations is to identify them as quickly as possible and respond appropriately\u2014and ideally, proactively.<br \/><br \/>One of the main issues in responding to security attacks is the time between the occurrence of a security incident, its identification, and the subsequent response. This timeframe can be significant, often measured in hundreds of days, which gives attackers ample opportunity to cause damage without being detected. In addition, even after an incident is identified, organisations require time to resolve it and restore normal operations.<br \/><br \/>Our research focuses on the security incident response process, including digital forensics. The main aim is to reduce the time required to resolve a security incident and to provide organisations with a way to respond more quickly and effectively. In this article, we focus on how graph theory, applied to individual forensic artefacts available in the Windows operating system and the NTFS file system, can contribute to this goal. Graph analysis enables the identification of relationships between different pieces of digital evidence and their attributes, thereby providing a deeper understanding of the nature of an attack.<br \/>To achieve this objective, we specify the following partial research objectives:<\/p><ul><li>What attributes of forensic artefacts are best suited for graph representation?<\/li><li>How can specific properties of graphs help identify key forensic artefacts and relationships in digital forensics?<\/li><\/ul><p><br \/>This paper is divided into six sections. Section 2 discusses papers relevant to this research. Section 3 specifies the methods employed, including the collection and processing of digital evidence. Section 4 outlines how graph theory is applied to digital evidence and explores graph generation options. Section 5 discusses the lessons learned from applying graph properties to digital evidence. Section 6 provides a summary, including suggestions for future research.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Authors: Sophia Petra Kri\u0161\u00e1kov\u00e1, Pavol Sokol, Rastislav Krivo\u0161-Bellu\u0161<\/p>","protected":false},"author":8,"featured_media":5713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"full-width","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[15],"tags":[],"class_list":["post-5841","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-clanky","entry","has-media"],"_links":{"self":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5841","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/comments?post=5841"}],"version-history":[{"count":8,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5841\/revisions"}],"predecessor-version":[{"id":8887,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5841\/revisions\/8887"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media\/5713"}],"wp:attachment":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media?parent=5841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/categories?post=5841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/tags?post=5841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}