Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive
Date
2014
Authors
Quick, D.
Choo, K.K.R.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
Trends and Issues in Crime and Criminal Justice, 2014; (480):1-11
Statement of Responsibility
Conference Name
Abstract
The volume of digital forensic evidence is rapidly increasing,leading to large backlogs. In this paper,a Digital Forensic Data Reduction and Data Mining Framework is proposed.Initial research with sample data from South Australia Police Electronic Crime Section and Digital Corpora Forensic Images using the proposed framework resulted in significant reduction in the storage requirements—the reduced subset is only 0.196 percent and 0.75 percent respectively of the original data volume. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection,intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations.Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters.The framework may also provide a greater potential intelligence gain from analysis of current and historical data in a timely manner, and the ability toundertake research of trends over time.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2014 Australian Institute of Criminology