An Ontology for Digital Forensics in IT Security Incidents - OPUS
40 CHAPTER 5. ONTOLOGY
Gephi and Cytoscape visualization tools might provide a nicer output,
but it takes much more time to get them to do what is wanted.
5.2.7 Raptor RDF and GraphViz
There is another way to create graphical representations of the ontology.
Raptor RDF [Beckett, 2013] is an RDF parser that can output the
data of an RDF file in the dot format of GraphViz [Ellson et al., 2013].
GraphViz then converts the dot file to an image file. For example, the
command rapper -I . -o dot sample.rdf | dot -Tpng -o sample.png
converts an RDF file named sample.rdf to a PNG image file called sample.png.
All figures in this work that show graphs or graph-like structures are generated
from dot files.
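To make the rapper | dot pipeline concrete without the two tools installed, here is an added Python example (not code from the thesis, and not Raptor's own output format) that does the first half of that pipeline by hand: it parses a small RDF/XML document into triples and emits a GraphViz dot graph that `dot -Tpng` would render. The sample RDF, the `ex:` namespace and the resource names in it are constructed for this example; the dot layout choices (boxes for resources, ellipses for literals, predicate as edge label) are this example's own convention, not Raptor's.

```python
"""RDF/XML -> GraphViz dot, standard library only (added example, not Raptor)."""
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EX_NS = "http://example.org/forensics#"          # constructed namespace for the sample
PREFIXES = {"rdf": RDF_NS, "ex": EX_NS}           # used to shorten URIs in node labels

# Constructed sample: a tiny slice of an incident description, made up for this example.
SAMPLE_RDF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ex="http://example.org/forensics#">
  <rdf:Description rdf:about="http://example.org/forensics#incident1">
    <rdf:type rdf:resource="http://example.org/forensics#Incident"/>
    <ex:hasEvidence rdf:resource="http://example.org/forensics#disk1"/>
  </rdf:Description>
  <rdf:Description rdf:about="http://example.org/forensics#disk1">
    <rdf:type rdf:resource="http://example.org/forensics#DiskImage"/>
    <ex:imageFile>disk1.dd</ex:imageFile>
  </rdf:Description>
</rdf:RDF>
"""


def expand_tag(tag):
    """ElementTree names elements '{namespace}local'; join them into one URI."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns + local
    return tag


def parse_triples(rdf_xml):
    """Return (subject, predicate, object, is_literal) for each property element.

    Only the rdf:Description / rdf:about / rdf:resource subset of RDF/XML is
    handled; that is enough for the sample and keeps the parser readable.
    """
    root = ET.fromstring(rdf_xml)
    triples = []
    for desc in root.findall(f"{{{RDF_NS}}}Description"):
        subj = desc.get(f"{{{RDF_NS}}}about")
        for prop in desc:
            pred = expand_tag(prop.tag)
            ref = prop.get(f"{{{RDF_NS}}}resource")
            if ref is not None:
                triples.append((subj, pred, ref, False))          # resource object
            else:
                triples.append((subj, pred, (prop.text or "").strip(), True))  # literal
    return triples


def shorten(uri, prefixes):
    for prefix, ns in prefixes.items():
        if uri.startswith(ns):
            return f"{prefix}:{uri[len(ns):]}"
    return uri


def dot_escape(s):
    return s.replace("\\", "\\\\").replace('"', '\\"')


def to_dot(triples, prefixes):
    """Emit one dot edge per triple; literals become their own ellipse nodes."""
    lines = ["digraph rdf {", "  node [shape=box];"]
    literal_count = 0
    for subj, pred, obj, is_literal in triples:
        s, p = shorten(subj, prefixes), shorten(pred, prefixes)
        if is_literal:
            literal_count += 1
            o = f"literal{literal_count}"   # unique id, label carries the value
            lines.append(f'  "{o}" [shape=ellipse, label="{dot_escape(obj)}"];')
        else:
            o = shorten(obj, prefixes)
        lines.append(f'  "{dot_escape(s)}" -> "{dot_escape(o)}" [label="{dot_escape(p)}"];')
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Pipe into GraphViz as the thesis does:  python rdf2dot.py | dot -Tpng -o sample.png
    print(to_dot(parse_triples(SAMPLE_RDF), PREFIXES), end="")
```

Running the script and piping its output into `dot -Tpng -o sample.png` reproduces the shape of the pipeline above; rapper itself handles the full RDF/XML grammar (blank nodes, typed nodes, nested descriptions), which this small parser does not.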
5.3 Storage
This section presents the two storage possibilities that were used when creating
the example implementation. An explanation of why there are two, and
which one was used in the end, is given in section 7.5.
5.3.1 Neo4J
Neo4J [Neo Technology, Inc, 2013] is a graph database that is implemented
in Java. Graph here means property graph: it consists of nodes and relationships,
both of which carry properties, and the relationships structure the nodes. This
structure is visualized in figure 5.3. According to [Neo Technology, Inc., 2006],
relational databases do not cope well with the growing amount of data
that is structured as networks. Neo4J is designed to fit the requirements of
this kind of data. Additionally, Neo4J is well suited to
semi-structured data. Semi-structured data can be thought of as a table
where the entries have few mandatory attributes but many optional ones.
A drawback is that arbitrary queries on structured data are not handled
as efficiently as in relational databases; this is caused by the network-focused
design. Neo4J has a graphical web front end which allows interactive
browsing of the database. A screenshot of this interface can be found in the
appendix in figure C.1.
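To show what "nodes and relationships, both with properties" means in practice, here is an added Python example (not Neo4J code and not the thesis's implementation) of a minimal in-memory property graph in that shape, filled with a constructed incident: a host, its disk image and two files. It also shows the two behaviours the paragraph describes: a breadth-first walk along chosen relationship types (the kind of traversal a graph database is built for) and a property-coverage count that makes the semi-structured nature of the data visible, where "name" is set on every node but "timezone" or "packed" only on some. All node names, property keys, hashes and relationship types are invented for the example.

```python
"""Minimal property graph in the shape Neo4J uses (added example, not Neo4J itself)."""
from collections import defaultdict, deque


class PropertyGraph:
    """Nodes and relationships; both carry a free-form property map."""

    def __init__(self):
        self.nodes = {}                  # node id -> {"labels": set, "props": dict}
        self.rels = []                   # {"src", "type", "dst", "props"}
        self._out = defaultdict(list)    # node id -> indices into self.rels

    def add_node(self, node_id, *labels, **props):
        self.nodes[node_id] = {"labels": set(labels), "props": dict(props)}

    def add_rel(self, src, rel_type, dst, **props):
        for n in (src, dst):
            if n not in self.nodes:
                raise KeyError(f"unknown node {n!r}")   # relationships need both ends
        self.rels.append({"src": src, "type": rel_type, "dst": dst, "props": dict(props)})
        self._out[src].append(len(self.rels) - 1)

    def neighbours(self, node_id, rel_type=None):
        """Targets of outgoing relationships, optionally filtered by type."""
        return [self.rels[i]["dst"] for i in self._out[node_id]
                if rel_type is None or self.rels[i]["type"] == rel_type]

    def reachable(self, start, rel_types):
        """Breadth-first walk over the given relationship types; ids in visit order."""
        seen, order, queue = {start}, [], deque([start])
        while queue:
            cur = queue.popleft()
            for i in self._out[cur]:
                r = self.rels[i]
                if r["type"] in rel_types and r["dst"] not in seen:
                    seen.add(r["dst"])
                    order.append(r["dst"])
                    queue.append(r["dst"])
        return order

    def property_coverage(self):
        """Count, per property key, how many nodes set it (mandatory vs optional)."""
        counts = defaultdict(int)
        for node in self.nodes.values():
            for key in node["props"]:
                counts[key] += 1
        return dict(counts)


def build_sample():
    """Constructed incident data; every value here is made up for the example."""
    g = PropertyGraph()
    g.add_node("incident1", "Incident", name="phishing-2013-04", opened="2013-04-02")
    g.add_node("ws07", "Host", name="ws07", os="Windows 7", timezone="Europe/Berlin")
    g.add_node("disk1", "DiskImage", name="ws07-sda.dd",
               sha256="0" * 64)                        # placeholder, not a real digest
    g.add_node("dropper", "File", name="invoice.pdf.exe",
               sha256="1" * 64, packed=True)           # placeholder digest
    g.add_node("c2log", "File", name="netlog.txt")     # no hash recorded yet: optional
    g.add_rel("incident1", "INVOLVES", "ws07")
    g.add_rel("ws07", "IMAGED_AS", "disk1", acquired="2013-04-03", tool="dd")
    g.add_rel("disk1", "CONTAINS", "dropper", path=r"C:\Users\a\Downloads")
    g.add_rel("disk1", "CONTAINS", "c2log", path=r"C:\Windows\Temp")
    g.add_rel("dropper", "WROTE", "c2log")
    return g


if __name__ == "__main__":
    g = build_sample()
    print("evidence chain:", g.reachable("incident1", {"INVOLVES", "IMAGED_AS", "CONTAINS"}))
    print("property coverage:", g.property_coverage())
```

The traversal follows relationships by type rather than joining tables on keys, which is why a graph store answers "everything reachable from this incident" cheaply; the coverage count is the table-with-many-optional-columns picture from the paragraph, seen from the node side.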
5.3.2 Sesame
Sesame is an open source Java framework for storage and querying of RDF
data [Aduna, 2012]. Sesame is a triplestore, designed for storing and
retrieving triples. Its web interface allows browsing the stored data and
issuing SPARQL queries directly.