Event reconstruction is a fundamental part of the digital forensic process, helping to answer key questions like who, what, when, and how. A common way of accomplishing that is to use tools to create timelines, which are then analyzed. However, various challenges exist, such as large volumes of data or contamination. While prior research has focused on simplifying timelines, less attention has been given to tampering, i.e., the deliberate manipulation of evidence, which can lead to errors in interpretation. This article addresses the issue by proposing a framework to assess the tamper resistance of data sources used in event reconstruction. We discuss factors affecting data resilience, introduce a scoring system for evaluation, and illustrate its application with case studies. This work aims to improve the reliability of forensic event reconstruction by considering tamper resistance.