
Data Reduction and Data Mining Frame-Work

Chapter in: Big Digital Forensic Data

Part of the book series: SpringerBriefs on Cyber Security Systems and Networks ((BRIEFSCSSN))


Abstract

As highlighted in Chap. 2, there is a need for a methodology and framework for data reduction and data mining of digital forensic data. This chapter outlines the digital forensic data reduction and data mining framework, which endeavours to expand the process used for traditional forensic computer analysis to include data reduction, data mining, and input from external source data. This extends common digital forensic frameworks so that they remain applicable when dealing with a large volume of digital forensic data.

Material presented in this chapter is based on the following publication:

Quick, D. and K.-K.R. Choo, Data Reduction and Data Mining Framework for Digital Forensic Evidence: Storage, Intelligence, Review and Archive. Trends and Issues in Crime and Criminal Justice, 2014. 480: p. 1–11.




Copyright information

© 2018 The Author(s)

About this chapter


Cite this chapter

Quick, D., Choo, KK. (2018). Data Reduction and Data Mining Frame-Work. In: Big Digital Forensic Data. SpringerBriefs on Cyber Security Systems and Networks. Springer, Singapore. https://doi.org/10.1007/978-981-10-7763-0_3


  • DOI: https://doi.org/10.1007/978-981-10-7763-0_3


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7762-3

  • Online ISBN: 978-981-10-7763-0
