Computer Forensics using Bayesian Network: A Case Study

Like the traditional forensics, computer forensics involves formulation of hypotheses grounding on the available evidence or facts. Though digital evidence has been statutory witnesses for a span of time, it is a controversial issue that conclusions drawn from revealed digital evidence are subjective views without scientific justifications. There is an escalating perception that computer forensics is just the subjective conclusion of computer professionals. The purpose of this paper is to present a reasoning model based on the probability distribution in a Bayesian Network. By setting out probability distributions over hypotheses for computer forensics analyses, we hope to quantify the evidential strengths of such hypotheses, and thereby enhance the reliability and traceability on the analytical results of computer forensics examinations. To study the validity of the proposed model, a real court case about BT technology has been fitted to the calculations. In order to detach the subjective views, a survey was carried out to collect the expertise of 31 experienced law enforcement agencies. Their responses were aggregated to generate some more objective assignments to the prior probabilities to be used. The outcome demonstrates a high propagated probability of 92.7%, which is in accordance with the actual court verdict of guilty. That presents computer forensics a real scientific science with quantifiable analyses.