Abstract
As highlighted in Chap. 2, there is a need for a methodology and framework for data reduction and data mining of digital forensic data. This chapter outlines the digital forensic data reduction and data mining framework, which extends the process used for traditional forensic computer analysis to include data reduction, data mining, and input from external source data. This extends common digital forensic frameworks so that they remain applicable when dealing with large volumes of digital forensic data.
Material presented in this chapter is based on the following publication:
Quick, D. and K.-K.R. Choo, Data Reduction and Data Mining Framework for Digital Forensic Evidence: Storage, Intelligence, Review and Archive. Trends and Issues in Crime and Criminal Justice, 2014. 480: p. 1–11.
Copyright information
© 2018 The Author(s)
Cite this chapter
Quick, D., & Choo, K.-K. R. (2018). Data Reduction and Data Mining Framework. In: Big Digital Forensic Data. SpringerBriefs on Cyber Security Systems and Networks. Springer, Singapore. https://doi.org/10.1007/978-981-10-7763-0_3
DOI: https://doi.org/10.1007/978-981-10-7763-0_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7762-3
Online ISBN: 978-981-10-7763-0