A Digital Forensic Audit System for Analyzing User's Behaviors

Abstract

Disclosed is a digital forensic audit system based on user behavior analysis. It scans a usage trace, which is an image recorded in a window system and a file, extracts events and document files from the image to analyze a user's behavior, and analyzes and visualizes those events and document files. The system includes: a document file extracting unit for extracting logical-level document files and their file attributes; an event extracting unit for extracting events, each including a generation time, from the image, and for extracting events from the time-related attributes of a document file (hereinafter referred to as 'time attributes'); an analysis unit for analyzing the document files or events based on attribute and time; and a visualizing unit for displaying the analyzed result (hereinafter referred to as 'analysis result') on time-dimension coordinates. With this digital forensic audit system, the various kinds of data stored in the storage media of computer terminals in a system are simply and easily analyzed and visualized, so that user behavior can be analyzed. In addition, intentional and illegal breaches of confidential or personal information in the system can be monitored at all times, and evidence can be obtained rapidly when an incident occurs.

COPYRIGHT KIPO 2014

[Reference numerals] (31) Scanning unit; (32) Document file extracting unit; (33) Event extracting unit; (34) Analysis unit; (35) Visualization unit; (36) State extracting unit; (41) Event DB; (42) Document file DB; (43) Analysis result DB