Skip to main content
SpringerLink
Log in
Book cover

International Conference on Forensics in Telecommunications, Information, and Multimedia

e-Forensics 2010: Forensics in Telecommunications, Information, and Multimedia pp 40–52Cite as

Using Relationship-Building in Event Profiling for Digital Forensic Investigations

  • Conference paper

Abstract

In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity over a fixed time period. While research in this area has adopted a number of methods, we extend and adapt work of Marrington et al. based on a simple relational model. Our work differs from theirs in a number of ways: our object set (files, applications etc.) can be enlarged or diminished repeatedly during the analysis; the transitive relation between objects is used sparingly in our work as it tends to increase the set of objects requiring investigative attention; our objective is to reduce the volume of data to be analyzed rather than extending it. We present a substantial case study to illuminate the theory presented here. The case study also illustrates how a simple visual representation of the analysis could be used to assist a forensic team.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abraham, T., de Vel, O.: Investigative Profiling with Computer Forensic Log Data and Association Rules. In: Proceedings of the 2002 IEEE International Conference on Data Mining, pp. 11–18 (2002)

    Google Scholar 

  2. Agrawal, R., Imielinski, T., Swami, A.: Mining Association Rules between Sets of Items in Large Databases. In: Proceedings of the 1993 ACM SIGMOD International Conference on Management of Data, pp. 207–216 (1993)

    Google Scholar 

  3. Carrier, B.: File System Forensic Analysis. Upper Saddle River, Addison-Wesley (2005)

    Google Scholar 

  4. Garfinkel, S.L.: Forensic Feature Extraction and Cross-Drive Analysis. Digital Investigation 3, 71–81 (2006)

    Article  Google Scholar 

  5. Gladyshev, P., Patel, A.: Finite State Machine Approach to Digital Event Reconstruction. Digital Investigation 1, 130–149 (2004)

    Article  Google Scholar 

  6. Herstein, I.N.: Topics in Algebra, 2nd edn. Wiley, New York (1975)

    MATH  Google Scholar 

  7. Hwang, H.-U., Kim, M.-S., Noh, B.-N.: Expert System Using Fuzzy Petri Nets in Computer Forensics. In: Szczuka, M.S., Howard, D., Ślȩzak, D., Kim, H.-k., Kim, T.-h., Ko, I.-s., Lee, G., Sloot, P.M.A. (eds.) ICHIT 2006. LNCS (LNAI), vol. 4413, pp. 312–322. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Kwan, M., Chow, K.-P., Law, F., Lai, P.: Reasoning about Evidence Using Bayesian Networks. In: Proceedings of IFIP International Federation for Information Processing. Advances in Digital Forensics IV, vol. 285, pp. 275–289. Springer, Heidelberg (2008)

    Google Scholar 

  9. Liu, Z., Wang, N., Zhang, H.: Inference Model of Digital Evidence based on cFSA. In: Proceedings IEEE International Conference on Multimedia Information Networking and Security, pp. 494–497 (2009)

    Google Scholar 

  10. Marrington, A., Mohay, G., Morarji, H., Clark, A.: Computer Profiling to Assist Computer Forensic Investigations. In: Proceedings of RNSA Recent Advances in Security Technology, pp. 287–301 (2006)

    Google Scholar 

  11. Marrington, A., Mohay, G., Morarji, H., Clark, A.: Event-based Computer Profiling for the Forensic Reconstruction of Computer Activity. In: Proceedings of AusCERT 2007, pp. 71–87 (2007)

    Google Scholar 

  12. Marrington, A.: Computer Profiling for Forensic Purposes. PhD thesis, QUT, Australia (2009)

    Google Scholar 

  13. Tian, R., Batten, L., Versteeg, S.: Function Length as a Tool for Malware Classification. In: Proceedings of 3rd International Conference on Malware 2008, pp. 79–86. IEEE Computer Society, Los Alamitos (2008)

    Google Scholar 

  14. Welsh, D.J.A.: Matroid Theory. Academic Press, London (1976)

    MATH  Google Scholar 

  15. Wolf, J., Bansal, N., Hildrum, K., Parekh, S., Rajan, D., Wagle, R., Wu, K.-L., Fleischer, L.K.: SODA: An Optimizing Scheduler for Large-Scale Stream-Based Distributed Computer Systems. In: Issarny, V., Schantz, R. (eds.) Middleware 2008. LNCS, vol. 5346, pp. 306–325. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Yu, S., Zhou, W., Doss, R.: Information Theory Based Detection against Network Behavior Mimicking DDoS Attacks. IEEE Communication Letters 12(4), 319–321 (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of IT, Deakin University, Burwood, Victoria, 3125, Australia

    Lynn M. Batten & Lei Pan

Authors
  1. Lynn M. Batten
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lei Pan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 800 Dong Chuan Road, 200240, Shanghai, P.R. China

    Xuejia Lai  & Dawu Gu  & 

  2. The 3rd Research Institute of Ministry of Public Security, 339 bi Shen Road, A 303, Zhang Jiang, Pu Dong, 210031, Shangahi, P.R. China

    Bo Jin

  3. East China University of Political Science and Law, No. 555, Longyuan Road, Songjiang District, 201620, Shanghai, China

    Yongquan Wang

  4. Xidian University, P.O. Box 101, 710071, Xian, Shaanxi, P.R. China

    Hui Li

Rights and permissions

Reprints and permissions

Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Batten, L.M., Pan, L. (2011). Using Relationship-Building in Event Profiling for Digital Forensic Investigations. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds) Forensics in Telecommunications, Information, and Multimedia. e-Forensics 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23602-0_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-23602-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23601-3

  • Online ISBN: 978-3-642-23602-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation