BKL Fei, JHP Eloff, HS Venter and MS Olivier, "Exploring Data Generated by Computer Forensic Tools with Self-organizing Maps," in M Pollitt and S Shenoi (eds), Advances in Digital Forensics, 113-123, Springer, 2005
Computer forensic tools have been developed to assist computer forensic investigators in conducting a proper investigation into computer crimes. In general, the majority of the tools available on the market have the ability to permit investigators to analyse data that was gathered from a computer system. Since storage media are steadily growing in size, the process of analysing large volumes of data consumes an enormous amount of time. Yet, the data on the storage media may contain implicit knowledge that could improve the quality of decisions in a computer investigation.
The focus of this paper is to demonstrate how an unsupervised learning neural network model, the self-organising map (SOM), can aid computer forensic investigators in decision making and assist them in conducting the analysis process more efficiently during a computer investigation. The SOM can be used to search for patterns in data sets and produce visual displays of the similarities in the data. The paper will aim to explore how the SOM can be used to serve as a basis for further analysis. It will demonstrate how the easy visualisation of the SOM provides investigators with greater abilities to interpret and explore the data generated by computer forensic tools.
Keywords: Self-organising map, visualisation, correlations, patterns, computer forensics
@INPROCEEDINGS(som,
AUTHOR={Bennie K L Fei and Jan H P Eloff and Hein S Venter and Martin S
Olivier},
TITLE={Exploring Data generated by Computer Forensic Tools with
Self-Organizing Maps},
PAGES={113--123},
BOOKTITLE={Advances in Digital Forensics},
EDITOR={Mark Pollitt and Sujeet Shenoi},
YEAR={2005},
PUBLISHER={Springer} )
The full text may be downloaded from http://mo.co.za/ask/som.pdf (PDF, 143K) (©IFIP).
Note that a username and password are required to download the full text. Please e-mail me and I will send you a username and password.
Page maintained by Martin Olivier. Last update: 22 December 2005