Using relationship-building in event profiling for digital forensic investigations

Batten, Lynn M. and Pan, Lei 2011, Using relationship-building in event profiling for digital forensic investigations, in Forensics in telecommunications, information, and multimedia : third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, revised selected papers, Springer-Verlag, Berlin, Germany, pp.40-52.

Document type: Book Chapter
Collection: School of Information Technology

Title: Using relationship-building in event profiling for digital forensic investigations
Author(s): Batten, Lynn M.; Pan, Lei
Title of book: Forensics in telecommunications, information, and multimedia : third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, revised selected papers
Editor(s): Lai, Xuejia; Gu, Dawu; Jin, Bo; Wang, Yongquan; Li, Hui
Publication date: 2011
Series: Lecture notes of the Institute for Computer Sciences, Social Informatics, and Telecommunications Engineering ; 56
Chapter number: 4
Total chapters: 30
Start page: 40
End page: 52
Total pages: 13
Publisher: Springer-Verlag
Place of Publication: Berlin, Germany
Keyword(s): digital forensics; event profiling; relation
Summary: In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity over a fixed time period. While research in this area has adopted a number of methods, we extend and adapt work of Marrington et al. based on a simple relational model. Our work differs from theirs in a number of ways: our object set (files, applications etc.) can be enlarged or diminished repeatedly during the analysis; the transitive relation between objects is used sparingly in our work as it tends to increase the set of objects requiring investigative attention; our objective is to reduce the volume of data to be analyzed rather than extending it. We present a substantial case study to illuminate the theory presented here. The case study also illustrates how a simple visual representation of the analysis could be used to assist a forensic team.
ISBN: 9783642236020; 3642236022
ISSN: 1867-8211; 1867-822X
Language: eng
Field of Research: 080109 Pattern Recognition and Data Mining
Socio Economic Objective: 810107 National Security
HERDC Research category: B2 Book chapter in non-commercially published book
Copyright notice: ©2011, ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30043197
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.
Access Statistics: 43 Abstract Views, 7 File Downloads
Created: Tue, 13 Mar 2012, 09:53:20 EST