Deakin home > Deakin University Library > Deakin Research Online > Using relationship-building in event profiling for digital forensic investigations

Using relationship-building in event profiling for digital forensic investigations

Batten, Lynn and Pan, Lei 2010, Using relationship-building in event profiling for digital forensic investigations, in e-Forensics 2010 : Proceedings of the 3rd International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia, Springer, [Shangai, China].

Attached Files (Some files may be inaccessible until you login with your Deakin Research Online credentials)
Name Description MIMEType Size Downloads

Title Using relationship-building in event profiling for digital forensic investigations
Author(s) Batten, Lynn
Pan, Lei
Conference name International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia (3rd : 2010 : Shanghai, China)
Conference location Shangai, China
Conference dates 11-12 Nov. 2010
Title of proceedings e-Forensics 2010 : Proceedings of the 3rd International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia
Editor(s) [Unknown]
Publication date 2010
Conference series International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia
Total pages 14
Publisher Springer
Place of publication [Shangai, China]
Keyword(s) digital forensics
relation
event profiling
Summary In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity over a fixed time period. While research in this area has adopted a number of methods, we extend and adapt work of Marrington et al. based on a simple relational model. Our work differs from theirs in a number of ways: our object set (files, applications etc.) can be enlarged or diminished repeatedly during the analysis; the transitive relation between objects is used sparingly in our work as it tends to increase the set of objects requiring investigative attention; our objective is to reduce the volume of data to be analyzed rather than extending it. We present a substantial case study to illuminate the theory presented here. The case study also illustrates how a simple visual representation of the analysis could be used to assist a forensic team.
ISBN 9789639995109
Language eng
Field of Research 080109 Pattern Recognition and Data Mining
Socio Economic Objective 810107 National Security
HERDC Research category E1 Full written paper - refereed
HERDC collection year 2010
Persistent URL http://hdl.handle.net/10536/DRO/DU:30033840

Document type: Conference Paper
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.

Versions
Version Filter Type
Access Statistics: 202 Abstract Views, 17 File Downloads  -  Detailed Statistics
Created: Wed, 13 Apr 2011, 15:12:11 EST by Sandra Dunoon