Measuring Evidential Weight in Digital Forensic Investigations

This chapter describes a method for obtaining a quantitative measure of the relative weight of each individual item of evidence in a digital forensic investigation using a Bayesian network. The resulting evidential weights can then be used to determine a near-optimal, cost-effective triage scheme for the investigation in question.

[1]  Richard E. Overill,et al.  Evaluation of Evidence in Internet Auction Fraud Investigations , 2010, IFIP Int. Conf. Digital Forensics.

[2]  Kam-Pui Chow,et al.  Reasoning About Evidence Using Bayesian Networks , 2012, IFIP Int. Conf. Digital Forensics.

[3]  Fred Cohen,et al.  Toward a Science of Digital Forensic Evidence Examination , 2010, IFIP Int. Conf. Digital Forensics.

[4]  Richard E. Overill,et al.  A Cost-Effective Model for Digital Forensic Investigations , 2009, IFIP Int. Conf. Digital Forensics.

[5]  Judea Pearl,et al.  Chapter 2 – BAYESIAN INFERENCE , 1988 .

[6]  F. Cohen Digital Forensic Evidence Examination , 2009 .

[7]  Judea Pearl,et al.  Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[8]  Richard E. Overill,et al.  Sensitivity Analysis of a Bayesian Network for Reasoning about Digital Forensic Evidence , 2010, 2010 3rd International Conference on Human-Centric Computing.