nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Supporting Process Mining with Recovered Residual Data

verfasst von : Ludwig Englbrecht, Stefan Schönig, Günther Pernul

Erschienen in: The Practice of Enterprise Modeling

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Understanding how workflows are actually carried out within an organization can provide a crucial contribution to business process improvement. This paper presents a concept for reconstructing a business process by using file residuals on a hard-drive and without the need for existing event logs. Thereby, methods from the area of process mining are enriched with approaches from digital forensics investigations in a Digital Trace Miner. First, a framework that extracts traces originating from business process execution based on residual data is developed in order to link them to the processes. The traces from the extraction are used in a life-cycle to keep related data up-to-date. This approach has been implemented and evaluated by a prototype. The evaluation shows that this approach enables useful insights regarding the tasks performed on a suspect computer by associating recovered files by using file-carving mechanisms.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Extended Enterprise Collaboration for System-of-Systems Requirements Engineering: Challenges in the Era of COVID-19

Nächstes Kapitel Space-Time Cube Operations in Process Mining

https://github.com/dupgit/sauvegarde.

https://github.com/LudwigEnglbrecht/sauvegardeEX.

Evaluation script and data: https://github.com/LudwigEnglbrecht/DTMEvaluation.

https://www.autopsy.com/download/.

van der Aalst, W.M.P., Adriansyah, A., et al.: Process mining manifesto. In: Business Process Management Workshops, vol. 99, pp. 169–194 (2011)

van der Aalst, W.P., et al.: Business process mining: an industrial application. Inf. Syst. 32(5), 713–732 (2007)CrossRef

van der Aalst, W.M.P., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004)CrossRef

Bala, S.: Mining projects from structured and unstructured data. In: Gulden, J., et al. (eds.) CEUR Workshop Proceedings, vol. 1859, pp. 133–137. CEUR-WS.org (2017)

Bala, S., Mendling, J.: Monitoring the software development process with process mining. In: Shishkov, B. (ed.) BMSD 2018. LNBIP, vol. 319, pp. 432–442. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94214-8_34CrossRef

Breitinger, F., Baier, H.: Similarity preserving hashing: eligible properties and a new algorithm. In: Rogers, M., Seigfried-Spellar, K.C. (eds.) ICDF2C 2012. LNICST, vol. 114, pp. 167–182. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39891-9_11CrossRef

Castellanos, M., de Medeiros, A.K.A., Mendling, J., Weber, B., Weijters, A.J.M.M.: Business process intelligence. In: Cardoso, J.S., van der Aalst, W.M.P. (eds.) Handbook of Research on Business Process Modeling, pp. 456–480. IGI Global, Hershey (2009)CrossRef

Cohen, F.: Toward a science of digital forensic evidence examination. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 17–35. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_2CrossRef

Dakic, D., Stefanovic, D., Lolic, T., Narandzic, D., Simeunovic, N.: Event log extraction for the purpose of process mining: a systematic literature review. In: Prostean, G., Lavios Villahoz, J.J., Brancu, L., Bakacsi, G. (eds.) SIM 2019. SPBE, pp. 299–312. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44711-3_22CrossRef

10.

Dewald, A., Freiling, F.C.: From Computer Forensics to Forensic Computing: Investigators Investigate, Scientists Associate (2014)

11.

Englbrecht, L., Pernul, G.: A privacy-aware digital forensics investigation in enterprises. In: Volkamer, M., Wressnegger, C. (eds.) ARES 2020: The 15th International Conference on Availability, Reliability and Security, Virtual Event, Ireland, 25–28 August 2020, pp. 58:1–58:10. ACM (2020)

12.

Garfinkel, S.L.: Digital forensics research: the next 10 years. Digit. Invest. 7, 64–73 (2010)CrossRef

13.

Gupta, V., Breitinger, F.: How cuckoo filter can improve existing approximate matching techniques. In: James, J.I., Breitinger, F. (eds.) ICDF2C 2015. LNICST, vol. 157, pp. 39–52. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25512-5_4CrossRef

14.

Inman, K., Rudin, N.: Principles and Practice of Criminalistics: The Profession of Forensic Science. Protocols in Forensic Science. CRC Press, Boca Raton (2000)CrossRef

15.

James, J.I., Gladyshev, P.: Automated inference of past action instances in digital investigations. Int. J. Inf. Secur. 14(3), 249–261 (2014). https://doi.org/10.1007/s10207-014-0249-6CrossRef

16.

Kälber, S., Dewald, A., Freiling, F.C.: Forensic application-fingerprinting based on file system metadata. In: Seventh International Conference on IT Security Incident Management and IT Forensics, pp. 98–112 (2013)

17.

Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to Integrating Forensic Techniques into Incident Response: NIST SP 800-86 (2006)

18.

Li, H., Xiao, F., Xiong, N.: Efficient metadata management in block-level CDP system for cyber security. IEEE Access 7, 151569–151578 (2019)CrossRef

19.

Lu, M., Chiueh, T.: File versioning for block-level continuous data protection. In: 29th IEEE International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Québec, Canada, 22–26 June 2009, pp. 327–334. IEEE Computer Society (2009)

20.

McCreight, S., Weber, D.: System and method for entropy-based near-match analysis (2010), US Patent App. 12/722,482

21.

Meier, S.: Digitale Forensik in Unternehmen. Universität Regensburg, January 2017

22.

de Murillas, E.G.L., van der Aalst, W.M.P., Reijers, H.A.: Process mining on databases: unearthing historical data from redo logs. In: Motahari-Nezhad, H.R., Recker, J., Weidlich, M. (eds.) BPM 2015. LNCS, vol. 9253, pp. 367–385. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23063-4_25CrossRef

23.

Palmer, G.: A road map for digital forensic research: Report from the first digital forensic research workshop (DFRWS). In: First Digital Forensic Research Workshop, Utica, New York, pp. 27–30 (2001)

24.

Pasquier, T., et al.: Practical whole-system provenance capture. In: Proceedings of the 2017 Symposium on Cloud Computing, pp. 405–418. ACM (2017)

25.

Sheng, Y., Wang, D., He, J., Ju, D.: TH-CDP: an efficient block level continuous data protection system. In: International Conference on Networking, Architecture, and Storage, pp. 395–404 (2009)

26.

Soltani, S., Seno, S.A.H.: A survey on digital evidence collection and analysis. In: 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE), pp. 247–253. IEEE (2017)

27.

Weijters, A., van der Aalst, W.M.P., de Medeiros, A.A.: Process mining with the heuristics miner-algorithm. Technische Universiteit Eindhoven, Technical report WP 166, 1–34 (2006)

28.

Yu, X., Tan, Y., Sun, Z., Liu, J., Liang, C., Zhang, Q.: A fault-tolerant and energy-efficient continuous data protection system. J. Ambient Intell. Humaniz. Comput. 10(8), 2945–2954 (2018). https://doi.org/10.1007/s12652-018-0726-2CrossRef

Titel: Supporting Process Mining with Recovered Residual Data
verfasst von: Ludwig Englbrecht
Stefan Schönig
Günther Pernul
Verlag: Springer International Publishing
Buch: The Practice of Enterprise Modeling
Print ISBN: 978-3-030-63478-0

Electronic ISBN: 978-3-030-63479-7

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-63479-7_27

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner