The task of analysis within the digital forensic investigation life-cycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experience of the digital forensic analyst. Such activity is thus difficult to formalise and difficult to support with tools. It is further reasoned that the interactive and exploratory nature of data-visualization (data-viz) is synergistic with the problem and thus provides a suitable basis for the provision of analytical tool support.
|Title of host publication||Issues in cybercrime, security and digital forensics|
|Subtitle of host publication||proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012)|
|Editors||George R. S. Weir, Ameer Al-Nemrat|
|Place of Publication||London|
|Publisher||University of East London|
|Number of pages||12|
|Publication status||Published - May 2012|
|Event||2nd International Conference on Cybercrime, Security and Digital Forensics - University of East London, London, United Kingdom|
Duration: 14 May 2012 → 15 May 2012
Conference number: 2
|Conference||2nd International Conference on Cybercrime, Security and Digital Forensics|
|Abbreviated title||Cyberforensics 2012|
|Period||14/05/12 → 15/05/12|
Hales, G., Ferguson, R. I., & Archibald, J. (2012). On the use of data visualization techniques to support digital forensic analysis: a survey of current approaches. In G. R. S. Weir, & A. Al-Nemrat (Eds.), Issues in cybercrime, security and digital forensics: proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2012) (pp. 121-132). University of East London.