Title

From Digital Forensic Report To Bayesian Network Representation

Keywords

Bayesian networks; Computer forensics; Digital evidence; Digital forensics; Forensic report

Abstract

Computer (digital) forensic examiners typically write a report to document the examination process, including tools used, major processing steps, summary of the findings, and a detailed listing of relevant evidence (files, artifacts) exported to external media (CD, DVD, hard copy) for the case investigator or attorney. However, proper interpretation of the significance of extracted evidence often requires additional consultation with the examiner. This paper proposes a practical methodology for transforming the findings in typical forensic reports to a graphical representation using Bayesian networks (BNs). BNs offer the following advantages: (1) Delineate the cause-effect relationship among relevant pieces of evidence described in the report; and (2) Use probability and established Bayesian inference rules to deal with uncertainty of digital evidence. A realistic forensic report is used to demonstrate this methodology. ©2009 IEEE.

Publication Date

10-22-2009

Publication Title

2009 IEEE International Conference on Intelligence and Security Informatics, ISI 2009

Number of Pages

303-306

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/ISI.2009.5137330

Socpus ID

70350046791 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/70350046791

This document is currently not available here.

Share

COinS