This article proposes the use of a collaborative multi-agent approach to develop a toolkit to assist the experts during the forensic examination process: MADIK - a Multi-Agent Digital Investigation ToolKit. The use of a multi-agent approach has been proved adequate, specially regarding the cooperative action of the autonomous specialized agents: HashSetAgent, FilePathAgent, TimelineAgent, FileSignatureAgent. Also the distributed nature of the multi-agent approach allows for better usage of computational resources, since agents can operate autonomously in different machines and environments. As part of our work, we have defined a four layer multi-agent architecture, as a metaphor to the organizational hierarchy levels, which is divided in strategic, tactical, perational and specialist levels. The proposed architecture was the base to the development of the toolkit, which was developed with a blackboard approach, implemented over the Java Agent DEvelopment Framework -JADE, using Java Expert System Shell -JESS. We have done some experiments with MADIK using real data and the results are encouraging. This paper focuses on the benefits of using the multi-agent approach to aid in the forensic examination process, specially regarding the cooperative action of the autonomous specialized agents, which we deem as a flexible and promising possibility that should be further exploredin the computer forensics scenario.
展开▼
机译:本文建议使用协作式多代理方法来开发一个工具包,以在法医检查过程中为专家提供帮助:MADIK-多代理数字调查工具包。事实证明,使用多代理方法是足够的,特别是在自治专用代理(HashSetAgent,FilePathAgent,TimelineAgent,FileSignatureAgent)的协同操作方面。而且,由于代理可以在不同的机器和环境中自主运行,因此多代理方法的分布式性质还可以更好地利用计算资源。作为我们工作的一部分,我们定义了一个四层的多主体体系结构,作为对组织层次结构级别的隐喻,该层次结构分为战略,战术,战术和专家级。所提出的体系结构是开发该工具箱的基础,该工具箱是通过黑板方法开发的,并使用Java Expert System Shell -JESS在Java Agent开发框架-JADE上实现。我们使用真实数据对MADIK进行了一些实验,结果令人鼓舞。本文重点介绍了使用多主体方法协助法医检查过程的好处,特别是关于自治专业代理人的合作行动,我们认为这是一种灵活而有希望的可能性,应在计算机取证情况下进一步探讨该可能性。 。
展开▼
