Top

Published in:

2018 | OriginalPaper | Chapter

3. Data Reduction and Data Mining Frame-Work

Authors : Darren Quick, Kim-Kwang Raymond Choo

Published in: Big Digital Forensic Data

Publisher: Springer Singapore

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

As highlighted in Chap. 2, there is a need for a methodology and framework for data reduction and data mining of digital forensic data. This chapter outlines the digital forensic data reduction and data mining framework, which endeavours to expand the process used for traditional forensic computer analysis to include data reduction, data mining, and input from external source data. This serves to expand common digital forensic frameworks, to be applicable when dealing with a large volume of digital forensic data.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Background and Literature Review

next chapter Digital Forensic Data Reduction by Selective Imaging

https://www.engadget.com/2016/07/19/seagate-unveils-a-10tb-hard-drive-for-your-home-pc/.

Abraham, T. (2006). Event sequence mining to develop profiles for computer forensic investigation purposes. In ACSW Frontiers ‘06: Proceedings of the 2006 Australasian Workshops on Grid Computing and E-Research (pp. 145–153).

ACPO. (2006). Good practice guidelines for computer based evidence v4.0, Association of Chief Police Officers viewed 5 March 2014, www.7safe.com/electronic_evidence.

Alink, W., Bhoedjang, R. A. F., Boncz, P. A., & de Vries, A. P. (2006). XIRAF–XML-based indexing and querying for digital forensics. Digital Investigation, 3(Suppl. 0), 50–58.CrossRef

Alzaabi, M., Jones, A., & Martin, T. A. (2013). An ontology-based forensic analysis tool. Journal of Digital Forensics, Security and Law, 2013(Conference Supplement), 121–135.

Beebe, N. (2009). Digital forensic research: The good, the bad and the unaddressed. In Advances in digital forensics (pp. 17–36). Springer.CrossRef

Beebe, N., & Clark, J. (2005). Dealing with terabyte data sets in digital investigations. In Advances in digital forensics (pp. 3–16).

Best_Buy. (2013). WD–My Book Essential 3 TB External USB 3.0/2.0 Hard Drive–Black, viewed 11 August 2013, http://www.bestbuy.com/site/WD—My-Book-Essential-3TB-External-USB-3.0/2.0-Hard-Drive—Black/1261281.p?id=1218244145647&skuId=1261281.

Bhoedjang, R. A. F., van Ballegooij, A. R., van Beek, H. M. A., van Schie, J. C., Dillema, F. W., van Baar, R. B., et al. (2012). Engineering an online computer forensic service. Digital Investigation, 9(2), 96–108.CrossRef

Brown, R., Pham, B., & de Vel, O. (2005). Design of a digital forensics image mining system. In Knowledge-based intelligent information and engineering systems (pp. 395–404).

Bunting, S., & Wei, W. (2006). EnCase computer forensics: The official EnCE: EnCaseCertified examiner study guide. Indianapolis, IN: Wiley.

Carrier, B. (2005). File system forensic analysis. NJ: Addison-Wesley Boston.

Carvey, H. (2011). Windows registry forensics: Advanced digital forensic analysis of the windows registry. Elsevier.

Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Elsevier.

FBI_RCFL. (2003–2012). FBI Regional Computer Forensic Laboratory Annual Reports 2003–2012, FBI, Quantico.

Ferraro, M. M., & Russell, A. (2004). Current issues confronting well-established computer-assisted child exploitation and computer crime task forces. Digital Investigation, 1(1), 7–15.CrossRef

Garfinkel, S. (2006a). Forensic feature extraction and cross-drive analysis. Digital Investigation, 3, 71–81.CrossRef

Garfinkel, S. (2006b). Forensic feature extraction and cross-drive analysis. Digital Investigation, 3(Suppl. 0), 71–81.CrossRef

Garfinkel, S. (2010) Digital forensics research: The next 10 years. Digital Investigation, 7(Suppl. 0), S64–S73.CrossRef

Garfinkel, S., Farrell, P., Roussev, V., & Dinolt, G. (2009). Bringing Science to Digital Forensics with Standardized Forensic Corpora, DFRWS 2009, Montreal, Canada, DFRWS 2009, Montreal, Canada, viewed 9 September, http://digitalcorpora.org/corpora/disk-images.CrossRef

Giri. (2012). EMC Isilon 15 PB Storage system, Giri Infrastructure, viewed 11 August, http://giriinfrastructure.blogspot.com.au/2012/01/emc-isilon-15pb-storage-system.html.

Greiner, L. (2009). Sniper forensics. NetWorker, 13(4), 8–10.CrossRef

Hoelz, B., Ralha, C., & Geeverghese, R. (2009). Artificial intelligence applied to computer forensics. In SAC ‘09: Proceedings of the 2009 ACM Symposium on Applied Computing (pp. 883–888). ACM.

Huang, J., Yasinsac, A., & Hayes, P. J. (2010). Knowledge sharing and reuse in digital forensics. In 2010 fifth IEEE international workshop on systematic approaches to digital forensic engineering (SADFE) (pp. 73–78) IEEE.

Justice, UDo. (2016). Office of the Inspector General. Audit of the Federal Bureau of Investigation’s New Jersey Regional Computer Forensic Laboratory, https://oig.justice.gov/reports/2016/a1611.pdf.

Kenneally, E., & Brown, C. (2005). Risk sensitive digital evidence collection. Digital Investigation, 2(2), 101–119.CrossRef

Lee, J., Un, S., & Hong, D. (2008). High-speed search using Tarari content processor in digital forensics. Digital Investigation, 5, S91–S95.CrossRef

Marziale, L., Richard, G., & Roussev, V. (2007). Massive threading: Using GPUs to increase the performance of digital forensics tools. Digital Investigation, 4, 73–81.CrossRef

McKemmish, R. (1999), What is forensic computing?

Nance, K., Hay, B., & Bishop, M. (2009) Digital forensics: Defining a research agenda. In 42nd Hawaii international conference on system sciences, 2009, HICSS’09 (pp. 1–6). IEEE.

NIJ. (2004). Forensic examination of digital evidence: A guide for law enforcement, http://nij.gov/nij/pubs-sum/199408.htm.

NIJ. (2008). Electronic crime scene investigation: A guide for first responders (2nd ed.), http://www.nij.gov/pubs-sum/219941.htm.

Palmer, G. (2001). A road map for digital forensic research. In Report from the first digital forensic research workshop (DFRWS), August 7–8, 2001.

Parsonage, H. (2009). Computer Forensics Case Assessment and Triage - some ideas for discussion, viewed 4 August, http://computerforensics.parsonage.co.uk/triage/triage.htm.

Pollitt, M. M. (2013). Triage: A practical solution or admission of failure. Digital Investigation, 10(2), 87–88.CrossRef

Pringle, N., & Sutherland, I. (2008). Is a computational grid a suitable platform for high performance digital forensics? In Proceedings of the 7th European Conference on Information Warfare and Security (p. 175). Academic Conferences Limited.

Quarnby, N., & Young, L. J. (2010). Managing intelligence–The art of influence. Sydney, Australia: The Federation Press.

Quick, D., & Choo, K. (2013a). Dropbox analysis: Data remnants on user machines. Digital Investigation, 10(1), 3–18.CrossRef

Quick, D., & Choo, K. (2013b). Digital Droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), 1378–1394.CrossRef

Quick, D., & Choo, K.-K. R. (2013c). Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Digital Investigation, 10(3), 266–277.CrossRef

Quick, D., & Choo, K.-K. R. (2014). Google drive: Forensic analysis of data remnants. J. Network and Computer Applications, 40, 179–193.CrossRef

Quick, D., Martini, B., & Choo, K.-K. R. (2014). Cloud storage forensics. Syngress: An Imprint of Elsevier.

Raghavan, S. (2013). Digital forensic research: Current state of the art. CSI Transactions on ICT, 1(1), 91–114.CrossRef

Raghavan, S., Clark, A., & Mohay, G. (2009). FIA: An open forensic integration architecture for composing digital evidence. In Forensics in telecommunications, information and multimedia (pp. 83–94). Springer.

Ratcliffe, J. (2003). Intelligence-led policing. Trends and Issues in Crime and Criminal Justice, 248, 1–6.

Reyes, A., Oshea, K., Steele, J., Hansen, J., Jean, B., & Ralph, T. (2007). Digital forensics and analyzing data (pp. 219–259). Cyber Crime Investigations: Elsevier.

Richard, G., & Roussev, V. (2006). Next-generation digital forensics. Commun ACM, 49(2), 76–80.CrossRef

Roussev, V., & Richard, G. (2004). Breaking the performance wall: The case for distributed digital forensics. In Proceedings of the 2004 Digital Forensics Research Workshop.

Schatz, B., & Clark, A. J. (2006). An open architecture for digital evidence integration. In AusCERT Asia Pacific information technology security conference, 21–26 May 2006.

Shannon, M. (2004). Forensic relative strength scoring: ASCII and entropy scoring. International Journal of Digital Evidence, 2(4), 151–169.

Sheldon, A. (2005). The future of forensic computing. Digital Investigation: The International Journal of Digital Forensics and Incident Response, 2(1), 31–35.CrossRef

Shiaeles, S., Chryssanthou, A., & Katos, V. (2013). On-scene triage open source forensic tool chests: Are they effective? Digital Investigation, 10(2), 99–115.CrossRef

Suleman, K. (2011). EMC World 2011: Isilon debuts 15 PB NAS single file storage system, V3.co.uk, viewed 11 August, http://www.v3.co.uk/v3-uk/news/2069388/emc-world-2011-isilon-debuts-15pb-nas-single-file-storage.

Teelink, S., & Erbacher, R. (2006). Improving the computer forensic analysis process through visualization. Communication of ACM, 49(2), 71–75.CrossRef

Turner, P. (2005). Unification of digital evidence from disparate sources (Digital Evidence Bags). Digital Investigation, 2(3), 223–228.CrossRef

Turner, P. (2007). Applying a forensic approach to incident response, network investigation and system administration using Digital Evidence Bags. Digital Investigation, 4(1), 30–35.CrossRef

UNODC. (2011). United Nations office on drugs and crime–Criminal intelligence manual for analysts. New York, Vienna, Austria: United Nations.

van Baar, R.B., van Beek, H. M. A., & van Eijk, E. J. (2014). Digital forensics as a service: A game changer. Digital Investigation, 11(Suppl. 1, no. 0), S54–S62.CrossRef

Vidas, T., Kaplan, B., & Geiger, M. (2014). OpenLV: Empowering investigators and first-responders in the digital forensics process. Digital Investigation, 11(Suppl. 1, no. 0), S45–S53.CrossRef

Title: Data Reduction and Data Mining Frame-Work
Authors: Darren Quick
Kim-Kwang Raymond Choo
Publisher: Springer Singapore
Book: Big Digital Forensic Data
Print ISBN: 978-981-10-7762-3

Electronic ISBN: 978-981-10-7763-0

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-981-10-7763-0_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner