Event sequence mining to develop profiles for computer forensic investigation purposes
Author
Abstract
Developing profiles to describe user or system behaviour is a useful technique employed in Computer Forensic investigations. Information found in data obtained by investigators can often be used to establish a view of regular usage patterns which can then be examined for unusual occurrences. This paper describes one such method based on details provided by events found within computer forensic evidence. Events compiled from potentially numerous sources are grouped according to some criteria and frequently occurring event sequences are established. The methodology and techniques to extract and contrast these sequences are then described and discussed along with similar prior work in the same domain.
Similar resources
Future directions of forensic DNA databases
Forensic DNA databases are indispensable tools of the law enforcement system. The purpose of establishing forensic DNA databases was to develop investigative leads for solving crime and usually was the purview of “criminal justice agencies for law enforcement identification purposes” (1). The forensic DNA databases of most countries generally contain two types of profiles: 1) reference profiles...
Full text
Recognition of Sequence of Print and Ink Strokes: Investigation the Effect of Handwriting Pressure, Hue of Ink, Printer and Paper Type
With the introduction of digital techniques, forensic document examiners have been encouraged to work with better accuracy in non-destructive ways. The aim of this study was to present a non-destructive, accessible, economic (affordable), user friendly, portable, useful and easy technique for specifying the order of crossing lines of ink stroke and printed text. The intersections of LaserJet and In...
Full text
Towards Identifying Criteria for the Evidential Weight of System Event Logs
Despite the widespread use of computing in almost all functions of contemporary society and the consequently large number of forensic investigations where computing has been involved, there has been little progress made in adapting the primary mechanism by which computers record past activity, namely event logs, to facilitate computer forensic investigation. From an evidence point of view system...
Full text
A Digital Forensic Tool for Cyber Crime Data mining
Digital forensics is the science of identifying, extracting, analysing and presenting the digital evidence that has been stored in the digital devices. Various digital tools and techniques are being used to achieve this. Our paper explains emerging cyber crimes, forensic analysis steps in the storage media, hidden data analysis in the file system, network forensic methods and cyber crime data m...
Full text
Investigative Profiling with Computer Forensic Log Data and Association Rules
Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the i...
Full text