Exploring Data generated by Computer Forensic Tools with Self-Organizing Maps

Fei, Eloff, Venter, and Olivier

2005

Citation information

Abstract

Computer forensic tools have been developed to assist computer forensic investigators in conducting a proper investigation into computer crimes. In general, the majority of the tools available on the market have the ability to permit investigators to analyse data that was gathered from a computer system. Since storage media are steadily growing in size, the process of analysing large volumes of data consumes an enormous amount of time. Yet, the data on the storage media may contain implicit knowledge that could improve the quality of decisions in a computer investigation.

The focus of this paper is to demonstrate how an unsupervised learning neural network model, the self-organising map (SOM), can aid computer forensic investigators in decision making and assist them in conducting the analysis process more efficiently during a computer investigation. The SOM can be used to search for patterns in data sets and produce visual displays of the similarities in the data. The paper will aim to explore how the SOM can be used to serve as a basis for further analysis. It will demonstrate how the easy visualisation of the SOM provides investigators with greater abilities to interpret and explore the data generated by computer forensic tools.

BibTeX reference

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: October 31, 2019