On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The task of analysis within the digital forensic investigation life-cycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experience of the digital forensic analyst. Such activity is thus difficult to formalise and difficult to support with tools. It is further reasoned that the interactive and exploratory nature of data-visualization (data-viz) is synergistic with the problem and thus provides a suitable basis for the provision of analytical tool support.
Original languageEnglish
Title of host publicationIssues in cybercrime, security and digital forensics
Subtitle of host publicationproceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012)
EditorsGeorge R. S. Weir, Ameer Al-Nemrat
Place of PublicationLondon
PublisherUniversity of East London
Pages121-132
Number of pages12
ISBN (Print)9780947649852
Publication statusPublished - May 2012
Event2nd International Conference on Cybercrime, Security and Digital Forensics - University of East London, London, United Kingdom
Duration: 14 May 201215 May 2012
Conference number: 2

Conference

Conference2nd International Conference on Cybercrime, Security and Digital Forensics
Abbreviated titleCyberforensics 2012
CountryUnited Kingdom
CityLondon
Period14/05/1215/05/12

Fingerprint

visualization
life cycle
narrative
experience

Cite this

Hales, G., Ferguson, R. I., & Archibald, J. (2012). On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches. In G. R. S. Weir, & A. Al-Nemrat (Eds.), Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012) (pp. 121-132). London: University of East London.
Hales, Gavin ; Ferguson, R. Ian ; Archibald, Jacqueline. / On the use of data visualization techniques to support digital forensic analysis : a survey of current approaches. Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012). editor / George R. S. Weir ; Ameer Al-Nemrat. London : University of East London, 2012. pp. 121-132
@inproceedings{78804ffc55b84e2d8780c9bebeb5c99a,
title = "On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches",
abstract = "The task of analysis within the digital forensic investigation life-cycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experience of the digital forensic analyst. Such activity is thus difficult to formalise and difficult to support with tools. It is further reasoned that the interactive and exploratory nature of data-visualization (data-viz) is synergistic with the problem and thus provides a suitable basis for the provision of analytical tool support.",
author = "Gavin Hales and Ferguson, {R. Ian} and Jacqueline Archibald",
year = "2012",
month = "5",
language = "English",
isbn = "9780947649852",
pages = "121--132",
editor = "Weir, {George R. S.} and Ameer Al-Nemrat",
booktitle = "Issues in cybercrime, security and digital forensics",
publisher = "University of East London",

}

Hales, G, Ferguson, RI & Archibald, J 2012, On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches. in GRS Weir & A Al-Nemrat (eds), Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012). University of East London, London, pp. 121-132, 2nd International Conference on Cybercrime, Security and Digital Forensics, London, United Kingdom, 14/05/12.

On the use of data visualization techniques to support digital forensic analysis : a survey of current approaches. / Hales, Gavin; Ferguson, R. Ian; Archibald, Jacqueline.

Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012). ed. / George R. S. Weir; Ameer Al-Nemrat. London : University of East London, 2012. p. 121-132.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - On the use of data visualization techniques to support digital forensic analysis

T2 - a survey of current approaches

AU - Hales, Gavin

AU - Ferguson, R. Ian

AU - Archibald, Jacqueline

PY - 2012/5

Y1 - 2012/5

N2 - The task of analysis within the digital forensic investigation life-cycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experience of the digital forensic analyst. Such activity is thus difficult to formalise and difficult to support with tools. It is further reasoned that the interactive and exploratory nature of data-visualization (data-viz) is synergistic with the problem and thus provides a suitable basis for the provision of analytical tool support.

AB - The task of analysis within the digital forensic investigation life-cycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experience of the digital forensic analyst. Such activity is thus difficult to formalise and difficult to support with tools. It is further reasoned that the interactive and exploratory nature of data-visualization (data-viz) is synergistic with the problem and thus provides a suitable basis for the provision of analytical tool support.

M3 - Conference contribution

SN - 9780947649852

SP - 121

EP - 132

BT - Issues in cybercrime, security and digital forensics

A2 - Weir, George R. S.

A2 - Al-Nemrat, Ameer

PB - University of East London

CY - London

ER -

Hales G, Ferguson RI, Archibald J. On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches. In Weir GRS, Al-Nemrat A, editors, Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012). London: University of East London. 2012. p. 121-132