Title :
A novel approach to evaluating similarity in computer forensic investigations
Author :
Hankins, Ryan Q. ; Jigang Liu
Author_Institution :
Dell Inc. Eden Prairie, Eden, MN, USA
Abstract :
Abstraction-based approaches to data analysis in computer forensics require substantial human effort to determine what data is useful. Automated or semi-automated, similarity-based approaches allow rapid computer forensics analysis of large data sets with less focus on untangling many layers of abstraction. Rapid and automated ranking of data by its value to a computer forensics investigation eliminates much of the human effort required in the computer forensics process, leaving investigators to judge and specify what data is interesting, and automating the rest of analysis. In this paper, we develop two algorithms that find portions of a string relevant to an investigation, then refine that portion using a combination of human and computer analysis to rapidly and effectively extract the most useful data from the string, speeding, automatically documenting, and partially automating analysis.
Keywords :
data analysis; digital forensics; abstraction-based approach; computer analysis; computer forensic investigations; data ranking; human analysis; similarity evaluation; similarity-based approach; Algorithm design and analysis; Computational complexity; Computers; Digital forensics; Measurement
Conference_Title :
Electro/Information Technology (EIT), 2014 IEEE International Conference on
Conference_Location :
Milwaukee, WI
DOI :
10.1109/EIT.2014.6871826