Abstract
In recent times, digital evidence has found its way into several digital devices, and the storage capacity of these devices is growing exponentially. When investigators come across such devices during a digital investigation, it may take several man-hours to completely analyze the contents. To date, little has been achieved in work that attempts to bring together different evidence sources and correlate the events they record. In this paper, we present an evidence composition model based on the time of occurrence of such events. The time interval between events promises to reveal many key associations across events, especially when the events are on multiple sources. The time interval is then used as a parameter to a correlation function, which determines quantitatively the extent of correlation between the events. The approach has been demonstrated on a network capture sequence involving phishing of a bank website. The model is scalable to an arbitrary set of evidence sources, and preliminary results indicate that the approach has tremendous potential in determining correlations on vast repositories of case data.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Raghavan, S., Raghavan, S.V. (2010). Digital Evidence Composition in Fraud Detection. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_1
DOI: https://doi.org/10.1007/978-3-642-11534-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11533-2
Online ISBN: 978-3-642-11534-9
eBook Packages: Computer Science (R0)