Relevance Feedback Optimization for Digital Forensic Investigations
The British University in Dubai (BUiD)
Digital forensics deals with the use of tools and techniques to preserve, identify, extract, document, and interpret any data stored or transmitted using a digital system. It is usually used to help support or refute a theory about the occurrence of an offense or crime, or it might indicate intent or alibi. The forensic discipline of digital evidence faces many challenges, and the sheer amount of data found on modern digital devices is one of them. In today’s society, it has become the norm for one individual to own multiple digital devices with large storage capacities. If that individual were part of a group of people accused of a certain crime, the end result would be a large amount of data, possibly in terabytes. Furthermore, such data would usually need to be investigated for evidence in a limited window of time. Digital forensic laboratories that rely on traditional forensic tools usually lack the resources required to handle the size of data found on digital devices today. The work presented in this thesis can be seen as a step toward enhancing digital forensic investigations by optimizing the investigator’s relevance feedback. The study proposes a framework that integrates different text processing and mining techniques to help the examiner reach useful information faster. The framework has been implemented and evaluated using a real-world crime dataset of Arabic text. A proof-of-concept implementation was evaluated by experienced senior digital forensics examiners. The results showed a good improvement in the average recall-precision rates and a reduction of the required time to complete the tasks by 53% over the time spent using traditional tools.
Digital forensic science; Computer crimes -- Investigation.