Data Reduction and Data Mining Framework for Digital Forensic Evidence: Storage, Intelligence, Review and Archive
Trends & Issues in Crime and Criminal Justice 480: 1-11, 2014
11 Pages. Posted: 19 Sep 2014. Last revised: 23 Sep 2014.
Date Written: September 17, 2014
Abstract
The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In this paper, a Digital Forensic Data Reduction and Data Mining Framework is proposed. Initial research using the proposed framework with sample data from South Australia Police Electronic Crime Section and Digital Corpora Forensic Images resulted in a significant reduction in storage requirements: the reduced subset is only 0.196 percent and 0.75 percent, respectively, of the original data volume. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters. The framework may also provide a greater potential intelligence gain from analysis of current and historical data in a timely manner, and the ability to undertake research of trends over time.
Keywords: Criminal Intelligence, Data Reduction, Data Mining, Digital Forensics, Digital Evidence
JEL Classification: C88, C89, K42, K49