Using relationship-building in event profiling for digital forensic investigations

Batten, Lynn M. and Pan, Lei 2011, Using relationship-building in event profiling for digital forensic investigations, in Forensics in telecommunications, information, and multimedia : third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, revised selected papers, Springer-Verlag, Berlin, Germany, pp.40-52.

Attached Files
Name Description MIMEType Size Downloads

Title Using relationship-building in event profiling for digital forensic investigations
Author(s) Batten, Lynn M.
Pan, Lei
Title of book Forensics in telecommunications, information, and multimedia : third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, revised selected papers
Editor(s) Lai, Xuejia
Gu, Dawu
Jin, Bo
Wang, Yongsquan
Li, Hui
Publication date 2011
Series Lecture notes of the Institute for Computer Sciences, Social Informatics, and Telecommunications Engineering ; 56
Chapter number 4
Total chapters 30
Start page 40
End page 52
Total pages 13
Publisher Springer-Verlag
Place of Publication Berlin, Germany
Keyword(s) digital forensics
event profiling
relation
Summary In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity over a fixed time period. While research in this area has adopted a number of methods, we extend and adapt work of Marrington et al. based on a simple relational model. Our work differs from theirs in a number of ways: our object set (files, applications etc.) can be enlarged or diminished repeatedly during the analysis; the transitive relation between objects is used sparingly in our work as it tends to increase the set of objects requiring investigative attention; our objective is to reduce the volume of data to be analyzed rather than extending it. We present a substantial case study to illuminate the theory presented here. The case study also illustrates how a simple visual representation of the analysis could be used to assist a forensic team.
ISBN 3642236022
9783642236020
ISSN 1867-8211
1867-822X
Language eng
Field of Research 080109 Pattern Recognition and Data Mining
Socio Economic Objective 810107 National Security
HERDC Research category B2 Book chapter in non-commercially published book
Copyright notice ©2011, Springer
Persistent URL http://hdl.handle.net/10536/DRO/DU:30043197

Document type: Book Chapter
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Access Statistics: 70 Abstract Views, 9 File Downloads  -  Detailed Statistics
Created: Tue, 13 Mar 2012, 09:53:20 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.