Social Network Visualization for Forensic Investigation of E-mail

E-mail is a key technology for both the dissemination of information and social networking. Given the volume of e-mail transmission combined with access opportunities, it is not surprising that e-mails feature heavily during a digital forensics investigation. In these investigations, forensic examiners require an understanding of the social networks to which the suspect belongs, both to analyze the event(s) under investigation and to further exploit potential sources of evidence or other suspects. This paper makes use of visual analytic and social network techniques for digital forensics investigations involving e-mail. We present a novel approach, the E-mail Extraction Tool (EET), for automated visualization of client-based e-mail applications and for exploring the social networks that these reveal to the investigator. The case study presented in the paper demonstrates the applicability of the approach to digital forensics investigations.
