Abstract
With the increasing application of GPS devices, trajectory data have been frequently adopted in digital forensics because it can encompass spatial and temporal aspects of suspects’ movements. However, a lack of semantic information causes difficulty of linking the trajectories with the activities of suspects. Using the situation of a kidnapping, this paper proposes a semantic-enhanced method in trajectory analysis, which categorizes the daily activities of suspects into different semantic types by connecting trajectory data with transaction data. In the meantime, we present an interactive visualization system with four inner-linked views to provide a collaborative visual analytics of trajectory and transaction data in multiple perspectives. In the case study, the kidnapping investigation is used to demonstrate how the system works on the routine pattern analysis of suspects, the detection of abnormal behaviors, and the association exploration among suspects and their abnormal behaviors.
Graphical abstract
Similar content being viewed by others
References
Andrienko G, Andrienko N (2008) Spatio-temporal aggregation for visual analysis of movements[C]. In: Visual Analytics Science and Technology, VAST’08. IEEE Symposium, pp 51–58
Andrienko N, Andrienko G, Fuchs G (2013) Towards privacy-preserving semantic mobility analysis[C]. In: EuroVis workshop on visual analytics. The Eurographics Association, pp 19–23
Aravecchia M, Calderara S, Chiossi S, Cucchiara R (2010) A videosurveillance data browsing software architecture for forensics: from trajectories similarities to video fragments[C]. In: Proceedings of the 2nd ACM workshop on Multimedia in forensics, security and intelligence. ACM, pp 37–42
Beebe NL, Clark JG (2005) A hierarchical, objectives-based framework for the digital investigations process[J]. Digit Inv 2(2):147–167
Boyandin I, Bertini E, Lalanne D (2010) Using flow maps to explore migrations over time[C]. In: Geospatial Visual Analytics Workshop in conjunction with the 13th AGILE International Conference on Geographic Information Science. vol. 2, no. 3
Carrier B, Spafford EH (2003) Getting physical with the digital investigation process[J]. Int J Digit Evid 2(2):1–20
Casey E (2011) Digital evidence and computer crime: forensic science, computers and the internet[M]. Academic press
Chainey S, Ratcliffe J (2005) GIS and crime mapping[M]. Wiley
Choi H, Lee H, Kim H (2009) Fast detection and visualization of network attacks on parallel coordinates[J]. Comput Secur 28(5):276–288
Ester M, Kriegel H P, Sander J, Xu X (1996) A density-based algorithm for discovering clusters in large spatial databases with noise. In: Kdd (vol. 96). pp 226–231
Garfinkel Simson L (2010) Digital forensics research: the next 10 years[J]. Digit Inv 7:S64–S73
Guidance Software. EnCase Forensics—Computer Forensics Data Col-lection for Digital Evidence Examiners[EB/OL] (2014) http://www.guidancesoftware.com/encase-forensic.htm. Accessed on October
Guo H, Wang Z, Yu B, Zhao H, Yuan X (2011) TripVista: triple perspective visual trajectory analytics and its application on microscopic traffic data at a road intersection[C]. In: Pacific Visualization Symposium (PacificVis), IEEE, pp 163–170
Heim K (2014) Visualization and modeling for crime data indexed by road segments[D]. George Mason University
Huebner E, Bem D, Bem O (2007) Computer forensics–past, present and future[J]. Inform Secur Tech Rep 8(2):32–46
Kapler T, Wright W (2005) GeoTime information visualization[J]. Inform Vis 4(2):136–146
Krüger R, Thom D, Wörner M, Bosch H, Ertl T (2013) Trajectory lenses–a set-based filtering and exploration technique for long-term Trajectory Data[C]. In: Computer Graphics Forum vol. 32, no. 3pt4). Blackwell Publishing Ltd, pp 451–460
Krüger R, Thom D, Ertl T (2014) Visual analysis of movement behavior using web data for context enrichment. In: Pacific Visualization Symposium (PacificVis). IEEE, pp 193–200
Lang A, Bashir M, Campbell R, DeStefano L (2014) Developing a new digital forensics curriculum[J]. Digit Inv 11:S76–S84
Lee J G, Han J, Li X (2008) Trajectory outlier detection: a partition-and-detect framework[C]. In: Data Engineering, ICDE. IEEE 24th International Conference, pp 140–149
Liao Z, Yu Y, Chen B (2010) Anomaly detection in GPS data based on visual analytics[C]. In: Visual Analytics Science and Technology (VAST), IEEE Symposium, pp 51–58
Malik A, Maciejewski R, Collins TF, Ebert DS (2010) Visual analytics law enforcement toolkit. In: Technologies for Homeland Security (HST). IEEE International Conference, pp 222–228
Mburu L, Helbich M (2014) Evaluating the accuracy and effectiveness of criminal geographic profiling methods: the case of dandora, Kenya[J]. The Professional Geographer
Noblett MG, Pollitt MM, Presley LA (2000) Recovering and examining computer forensic evidence[J]. Forensic Sci Commun 2(4):1–13
Pasquale L, Yu Y, Salehie M, Cavallaro L, Tun TT, Nuseibeh B (2013) Requirements-driven adaptive digital forensics[C]. In: Requirements Engineering Conference (RE), 21st IEEE International. IEEE, pp 340–341
Pirolli P, Card S (2005) The sensemaking process and leverage points for analyst technology as identified through cognitive task analysis[C]. In: Proceedings of International Conference on Intelligence Analysis (vol. 5). pp 2–4
Pollitt M (2010) A history of digital forensics[M]. In: Advances in Digital Forensics VI. Springer, Berlin, pp 3–15
Reith M, Carr C, Gunsch G (2002) An examination of digital forensic models[J]. Int J Digit Evid 1(3):1–12
Scheepens R, Willems N, van de Wetering H, van Wijk JJ (2011) Interactive visualization of multivariate trajectory data with density maps[C]. In: Pacific Visualization Symposium (PacificVis). IEEE, pp 147–154
Schreck T, Bernard J, Von Landesberger T, Kohlhammer J (2009) Visual cluster analysis of trajectory data with interactive kohonen maps[J]. Inform Vis 8(1):14–29
Shiravi H, Shiravi A, Ghorbani AA (2012) A survey of visualization systems for network security[J]. Vis Comput Gr IEEE Trans 18(8):1313–1329
Song X, Zhang Q, Sekimoto Y, Horanont T, Ueyama S, Shibasaki R (2013) Modeling and probabilistic reasoning of population evacuation during large-scale disaster[C]. In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge discovery and data mining. ACM, pp 1231–1239
Song X, Zhang Q, Sekimoto Y, Shibasaki R (2014) Prediction of human emergency behavior and their mobility following large-scale disaster[C]. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge discovery and data mining. ACM, pp 5–14
Tominski C, Schumann H, Andrienko G, Andrienko N (2012) Stacking-based visualization of trajectory attribute data[J]. Vis Comput Gr IEEE Trans 18(12):2565–2574
VAST Challenge Homepage [EB/OL] (2014) http://vacommunity.org/VAST+Challenge+2014. Accessed on October
Wang Z, Lu M, Yuan X, Zhang J, Wetering HVD (2013) Visual traffic jam analysis based on trajectory data[J]. Vis Comput Gr IEEE Trans 19(12):2159–2168
X-Ways Software for Forensics, Data Recovery and ITSecurity X-Ways Software Technology AG [EB/OL] (2014) http://www.winhex.com/. Accessed on October
Zhao Y, Liang X, Fan X, Wang Y, Yang M, Zhou F (2014) MVSec: multi-perspective and deductive visual analytics on heterogeneous network security data[J]. J Vis 17(3):181–196
Acknowledgments
The authors wish to thank the anonymous reviewers for their comments. The authors would also like to thank the data providers, IEEE VAST Challenge. This work is supported by the National Natural Science Foundation of China under Grant Nos. 61103108 and 61402540, National Science & Technology Pillar Program of China under Grant Nos. 2012BAH08B01.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Liao, Zf., Li, Y., Peng, Y. et al. A semantic-enhanced trajectory visual analytics for digital forensic. J Vis 18, 173–184 (2015). https://doi.org/10.1007/s12650-015-0276-z
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12650-015-0276-z