Automatically Unaware: Using Data Analytics to Detect Physiological Markers of Cybercrime

  • Nancy Mogire
  • Randall K. Minas
  • Martha E. Crosby
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10915)


Cybercrime investigation relies on the availability of adequate and valid digital artifacts usable for reconstructing security incidents or for triangulating other available information to make it useful. Various operational artifacts of computer systems, networks and software have been studied and gradually applied as forensic evidence. However, the scope of studies on human-generated artifacts as forensic evidence has been limited, mostly focusing on surveillance images, with DNA deposits being widely studied within older forensic fields. We present the case that further focus on human-centric evidence in the form of physiological measurements is useful in triangulating other evidence as well as in making some direct inferences. In this concept paper, we pair electroencephalography (EEG) with change point detection algorithms to conceptually model the acquisition and processing of EEG signals into forensic artifacts; propose continuous data reduction and packaging to keep the system forensic-ready; suggest a schema for validating such artifacts towards their applicability as forensic evidence; and model a study to be used in testing the conceptual model. This work contributes to cybersecurity research by highlighting human-generated artifacts as a forensic big data resource and presenting a methodology for harnessing the data to turn it into useful information.


Keywords: Digital forensics, Forensics artifacts, Physiological measures, Electroencephalography, Cybersecurity



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Nancy Mogire (1)
  • Randall K. Minas (2)
  • Martha E. Crosby (1)
  1. Information and Computer Sciences, University of Hawaii at Manoa, Honolulu, USA
  2. Shidler College of Business, University of Hawaii at Manoa, Honolulu, USA
