Title :
From digital forensic report to Bayesian network representation
Author :
Lee, Robert ; Lang, Sheau-Dong ; Stenger, Kevin
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci., Univ. of Central Florida, Orlando, FL, USA
Abstract :
Computer (digital) forensic examiners typically write a report to document the examination process, including tools used, major processing steps, summary of the findings, and a detailed listing of relevant evidence (files, artifacts) exported to external media (CD, DVD, hard copy) for the case investigator or attorney. However, proper interpretation of the significance of extracted evidence often requires additional consultation with the examiner. This paper proposes a practical methodology for transforming the findings in typical forensic reports to a graphical representation using Bayesian networks (BNs). BNs offer the following advantages: (1) Delineate the cause-effect relationship among relevant pieces of evidence described in the report; and (2) Use probability and established Bayesian inference rules to deal with uncertainty of digital evidence. A realistic forensic report is used to demonstrate this methodology.
Keywords :
belief networks; security of data; Bayesian network representation; computer forensic examiners; digital forensic report; graphical representation; typical forensic reports; Bayesian methods; Computer crime; Computer networks; Computer science; DVD; Digital forensics; Hidden Markov models; Motion pictures; Testing; Uncertainty; Bayesian networks; computer forensics; digital evidence; digital forensics; forensic report;
Conference_Titel :
Intelligence and Security Informatics, 2009. ISI '09. IEEE International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4244-4171-6
Electronic_ISBN :
978-1-4244-4173-0
DOI :
10.1109/ISI.2009.5137330
