Visualizing Digital Forensic Datasets: A Proof of Concept

Digital forensic visualization is an understudied area despite its potential to significantly improve the efficiency of an investigation, whether criminal or civil. In this study, a three‐stage forensic data storage and visualization life cycle is presented. The first stage is the decoding of data, which involves preparing both structured and unstructured data for storage. In the storage stage, data are stored within our proposed database schema, which is designed to ensure data integrity and speed of storage and retrieval. The final stage is the visualization of stored data in a manner that facilitates user interaction. These functionalities are implemented in a proof of concept that demonstrates the utility of the proposed life cycle for the storage and visualization of digital forensic data.
