Hypothesis Generation and Testing in Event Profiling for Digital Forensic Investigations

Using Hypothesis Generation in Event Profiling for Digital Forensic Investigations

The traditional manual approach to the investigation of digital data is no longer feasible as the amount of data which can be saved on hard drives grows out of control. In addition, it is usually necessary to consider data across extensive networks of devices in order to obtain a realistic picture of an investigation and ensure that no evidence is overlooked. The need for an automated approach ...

Hypothesis Generation and Testing in Event Profiling for Digital Forensic Investigations

The need for an automated approach to forensic digital investigation has been recognized for some years, and several authors have developed frameworks in this direction. The aim of this paper is to assist the forensic investigator with the generation and testing of hypotheses in the analysis phase. In doing so, the authors present a new architecture which facilitates the move to automation of t...

Using Relationship-Building in Event Profiling for Digital Forensic Investigations

In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity ...

A Hypothesis - Based Approach to Digital Forensic Investigations

Carrier, Brian D. Ph.D., Purdue University, May, 2006. A Hypothesis-Based Approach to Digital Forensic Investigations. Major Professor: Eugene H. Spafford. This work formally defines a digital forensic investigation and categories of analysis techniques. The definitions are based on an extended finite state machine (FSM) model that was designed to include support for removable devices and compl...

eDiscovery in digital forensic investigations