Inbook
On the Benefits of Information Retrieval and Information Extraction Techniques Applied to Digital Forensics
Contribution Summary
This paper examines the potential of Information Retrieval (IR) and Information Extraction (IE) techniques to improve the efficiency and effectiveness of digital forensics investigations. The authors discuss the benefits of cloud-based digital forensic investigation platforms, which enable the application of sophisticated automated techniques to reduce manual workload and expedite evidence processing. They highlight the importance of precision and recall in different stages of an investigation, noting that precision is crucial in early stages to quickly identify relevant evidence, while recall is essential in later stages to ensure that all relevant evidence is identified. The authors also discuss the potential of IR and IE techniques, such as named entity extraction, association rule mining, and temporal information extraction, to automate the discovery and extraction of evidence, reducing the cognitive load on investigators and improving the overall investigation process.
Keywords: Digital Forensics; Information Retrieval; Information Extraction; Cloud Computing; Automated Evidence Processing; Precision and Recall; Named Entity Extraction; Association Rule Mining
Abstract
Many jurisdictions suffer from lengthy backlogs in digital forensics investigations. This has negative consequences for the timely incorporation of digital evidence into criminal investigations, while also affecting the timelines required to bring a case to court. Modern technological advances, in particular the move towards cloud computing, has great potential in expediting the automated processing of digital evidence, thus reducing the manual workload for investigators. It also promises to provide a platform upon which more sophisticated automated techniques may be employed to improve the process further. This paper identifies some research strains from the areas of Information Retrieval and Information Extraction that have the potential to greatly help with the efficiency and effectiveness of digital forensics investigations.
BibTeX
@Inbook{lillis2016benefits,
author="Lillis, David and Scanlon, Mark",
editor="Park, James J. (Jong Hyuk) and Jin, Hai and Jeong, Young-Sik and Khan, Khurram Muhammad",
title="On the Benefits of Information Retrieval and Information Extraction Techniques Applied to Digital Forensics",
booktitle="Advanced Multimedia and Ubiquitous Engineering: FutureTech {\&} MUE",
year=2016,
month=04,
publisher="Springer Singapore",
address="Singapore",
pages="641--647",
isbn="978-981-10-1536-6",
doi="10.1007/978-981-10-1536-6_83",
url="http://dx.doi.org/10.1007/978-981-10-1536-6_83",
abstract="Many jurisdictions suffer from lengthy backlogs in digital forensics investigations. This has negative consequences for the timely incorporation of digital evidence into criminal investigations, while also affecting the timelines required to bring a case to court. Modern technological advances, in particular the move towards cloud computing, has great potential in expediting the automated processing of digital evidence, thus reducing the manual workload for investigators. It also promises to provide a platform upon which more sophisticated automated techniques may be employed to improve the process further. This paper identifies some research strains from the areas of Information Retrieval and Information Extraction that have the potential to greatly help with the efficiency and effectiveness of digital forensics investigations."
}