This book provides an in-depth understanding of big data challenges to digital forensic investigations, also known as big digital forensic data. It also develops the basis of using data mining in big forensic data analysis, including data reduction, knowledge management, intelligence, and data mining principles to achieve faster analysis in digital forensic investigations. By collecting and assembling a corpus of test data from a range of devices in the real world, it outlines a process of big data reduction, and evidence and intelligence extraction methods. Further, it includes the experimental results on vast volumes of real digital forensic data. The book is a valuable resource for digital forensic practitioners, researchers in big data, cyber threat hunting and intelligence, data mining and other related areas.
|
|
|
1 | (4) |
|
|
|
4 | (1) |
|
2 Background and Literature Review |
|
|
5 | (42) |
|
|
|
6 | (1) |
|
|
|
7 | (5) |
|
|
|
12 | (4) |
|
|
|
16 | (1) |
|
|
|
17 | (14) |
|
|
|
18 | (4) |
|
2.5.2 Data Reduction and Subsets |
|
|
22 | (6) |
|
|
|
28 | (3) |
|
2.6 Other Proposed Solutions to the Data Volume Challenge |
|
|
31 | (4) |
|
|
|
35 | (3) |
|
|
|
38 | (9) |
|
|
|
40 | (7) |
|
3 Data Reduction and Data Mining Frame-Work |
|
|
47 | (22) |
|
|
|
48 | (6) |
|
3.2 Proposed Digital Forensic Data Reduction and Data Mining Framework |
|
|
54 | (6) |
|
3.3 Pilot Study Preliminary Findings |
|
|
60 | (3) |
|
|
|
63 | (1) |
|
|
|
64 | (5) |
|
|
|
65 | (4) |
|
4 Digital Forensic Data Reduction by Selective Imaging |
|
|
69 | (24) |
|
4.1 Digital Forensic Data Reduction by Selective Imaging |
|
|
69 | (13) |
|
4.1.1 Load or Mount Forensic Image or Connect Physical Device |
|
|
76 | (1) |
|
|
|
76 | (1) |
|
4.1.3 Filters for Subset Files |
|
|
77 | (1) |
|
4.1.4 File System Filters |
|
|
77 | (1) |
|
4.1.5 Operating System Filters |
|
|
77 | (1) |
|
4.1.6 Software and Applications Filters |
|
|
78 | (1) |
|
|
|
78 | (1) |
|
4.1.8 Review of Large Files |
|
|
79 | (1) |
|
4.1.9 Excluded File Types and Overwritten Files and Data |
|
|
79 | (1) |
|
4.1.10 File and Data List (Spreadsheet) Report |
|
|
79 | (1) |
|
4.1.11 Video Thumbnails Method |
|
|
80 | (1) |
|
4.1.12 Picture Dimension Reduction |
|
|
81 | (1) |
|
|
|
81 | (1) |
|
4.2 Test Data Application and Results |
|
|
82 | (1) |
|
4.3 Application to Real World Digital Forensic Case Data |
|
|
83 | (5) |
|
4.3.1 Real World Data Subset Reduction |
|
|
83 | (2) |
|
4.3.2 Real World Data---Video Thumbnailing |
|
|
85 | (1) |
|
4.3.3 Real World Data---Case Examples and Post Case Analysis |
|
|
85 | (3) |
|
4.3.4 Real World Data---Cross Case Analysis |
|
|
88 | (1) |
|
4.3.5 Real World Data---Failing Hard Disk Drives |
|
|
88 | (1) |
|
|
|
88 | (3) |
|
|
|
91 | (2) |
|
|
|
91 | (2) |
|
5 Summary of the Framework and DRbSI |
|
|
93 | |
|
|
|
94 | |
|
|
|
96 | |
Dr. Darren Quick is a Senior Intelligence Technologist with the Australian Department of Home Affairs and a former Digital Forensic Investigator with the Australian Border Force, and previously an Electronic Evidence Specialist with the South Australia Police. He has undertaken over 650 digital forensic investigations involving many thousands of digital evidence items. In 2012 Darren was awarded membership of the Golden Key International Honour Society, in 2014 he received a Highly Commended award from the Australian National Institute of Forensic Science, and in 2015 received the Publication of the Year award from the Australian Institute of Professional Intelligence Officers.
Dr. Kim-Kwang Raymond Choo holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio, is an adjunct associate professor at the University of South Australia, a fellow of the Australian Computer Society, and a senior member of IEEE. He and his team wonthe Digital Forensics Research Challenge 2015 organized by Germany's University of Erlangen-Nuremberg, and he is the recipient of various awards including the ESORICS 2015 Best Paper Award, the 2014 Highly Commended Award from the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society's Wilkes Award in 2008.
