Title :
Fast User Classifying to Establish Forensic Analysis Priorities
Author :
Grillo, Antonio ; Lentini, Alessandro ; Me, Gianluigi ; Ottoni, Matteo
Author_Institution :
Dept. of Comput. Sci., Syst. & Production, Univ. of Tor Vergata, Rome, Italy
Abstract :
In computer and common crimes, important evidence or clues are increasingly stored in the computers hard disks. The huge and increasing penetration of computers in the daily life together with a considerable increase of storage capacity in mass-market computers, pose, currently, new challenges to forensic operators. Usually a digital forensic investigator has to spend a lot of time in order to find documents, clues or evidence related to the investigation among the huge amount of data extracted from one or more sized hard drive. In particular, the seized material could be very huge, and, very often, only few devices are considered relevant for the investigation. In this paper we propose a methodology and a tool to support a fast computer user profiling via a classification into investigator-defined categories in order to quickly classify the seized computer user. The main purpose of the methodology discussed is to define the class of the user in order to establish an effective schedule with priorities based on the computer user content.
Keywords :
computer crime; forensic science; pattern classification; clues; common crimes; computer crimes; computer user profiling; computers hard disks; digital forensic investigator; evidence; forensic analysis priorities; investigator-defined categories; user classification; Computer crime; Computer science; Data mining; Digital forensics; Drives; Information analysis; Machine learning; Military computing; Processor scheduling; Production systems; classification; fast analysis; priority;
Conference_Titel :
IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
Conference_Location :
Stuttgart
Print_ISBN :
978-0-7695-3807-5
DOI :
10.1109/IMF.2009.16
