Visual Triage of Email Network Narratives for Digital Investigations
Authors
Abstract
Email remains a key source of evidence during a digital investigation. The forensics examiner may be required to triage and analyse large email data sets for evidence. Current practice utilises tools and techniques that require a manual trawl through such data, which is a time-consuming process. Recent research has focused on speeding up analysis through the use of data visualization and the quantitative analysis of emails, for example, by analysing actor relationships identified through this medium. However, these approaches are unable to analyse the qualitative content, or narrative, of the emails themselves to provide a much richer picture of the evidence. This paper posits a novel approach which combines both quantitative and qualitative analysis of emails using data visualization to elucidate qualitative information for the forensics examiner. In this way, the examiner is able to triage large volumes of emails to identify actor relationships as well as their network narrative. In order to demonstrate the applicability of this methodology, this paper applies it to a case study of email data.
Similar resources
Forensic triage of email network narratives through visualisation
Purpose – The purpose of this paper is to propose a novel approach that automates the visualisation of both quantitative data (the network) and qualitative data (the content) within emails to aid the triage of evidence during a forensics investigation. Email remains a key source of evidence during a digital investigation, and a forensics examiner may be required to triage and analyse large emai...
Six Simple Schemata for Approximating Bayesian Belief Networks
Two families comprising six simple schemata, which reproduce with high accuracy the outputs of Bayesian belief networks as used in actual digital forensic investigations, are described, analyzed, and evaluated numerically. Their application as a forensic triage measure to help in deciding whether a full digital forensic investigation is warranted is critically discussed. The concept of a digita...
A Framework for the Forensic Investigation of Unstructured Email Relationship Data
The continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social netw...
The Social Network and Relationship Finder: Social Sorting for Email Triage
Email triage is the process of going through unhandled email and deciding what to do with it. This process can quickly become a serious problem for users with large volumes of email. Studies have found that people use a variety of approaches to triage their email, many of which have a social component. We believe that email clients can better support email triage by providing users with additio...
IMMERSION: A Platform for Visualization and Temporal Analysis of Email Data
Visual narratives of our lives enable us to reflect upon our past relationships, collaborations and significant life events. Additionally, they can also serve as digital archives, thus making it possible for others to access, learn from and reflect upon our life’s trajectory long after we are gone. In this thesis, I propose and develop a web-based platform called Immersion, which reveals the net...