On the Benefits of Information Retrieval and Information Extraction Techniques Applied to Digital Forensics

  • David Lillis
  • Mark Scanlon
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 393)


Many jurisdictions suffer from lengthy evidence processing backlogs in digital forensics investigations. This has negative consequences for the timely incorporation of digital evidence into criminal investigations, while also affecting the timelines required to bring a case to court. Modern technological advances, in particular the move towards cloud computing, have great potential in expediting the automated processing of digital evidence, thus reducing the manual workload for investigators. It also promises to provide a platform upon which more sophisticated automated techniques may be employed to improve the process further. This paper identifies some research strains from the areas of Information Retrieval and Information Extraction that have the potential to greatly help with the efficiency and effectiveness of digital forensics investigations.


Digital forensics Information retrieval Information extraction 


  1. 1.
    Lee J, Un S (2012) Digital forensics as a service: a case study of forensic indexed search. In: International conference on ICT convergence (ICTC), pp 499–503Google Scholar
  2. 2.
    Van Baar RB, van Beek HMA, van Eijk EJ (2014) Digital forensics as a service: a game changer. Digital Investig 11:S54–S62CrossRefGoogle Scholar
  3. 3.
    Watkins K, McWhorte M, Long J, Hill B (2009) Teleporter: an analytically and forensically sound duplicate transfer system. Digital Investig 6(suppl):43–47Google Scholar
  4. 4.
    Scanlon M, Kechadi MT (2010) Online acquisition of digital forensic evidence. In: Goel S (ed) Digital forensics and cyber crime: first international ICST conference, ICDF2C 2009, Albany, NY, USA, 30 Sept–2 Oct 2009, revised selected papers. Springer, Berlin, pp 122–131Google Scholar
  5. 5.
    Beebe NL, Clark JG (2007) Digital forensic text string searching: improving information retrieval effectiveness by thematically clustering search results. Digital Investig 4(suppl):49–54Google Scholar
  6. 6.
    Beebe N (2009) Digital forensic research: the good, the bad and the unaddressed. In: Advances in digital forensics V. Springer, Berlin, pp 17–36Google Scholar
  7. 7.
    Furnas GW, Deerwester S, Dumais ST, Landauer TK, Harshman RA, Streeter LA, Lochbaum KE (1988) Information retrieval using a singular value decomposition model of latent semantic structure. In: SIGIR ’88: proceedings of the 11th annual international ACM SIGIR conference on Research and development in information retrieval, New York, NY, USA, pp 465–480Google Scholar
  8. 8.
    Du L, Jin H, de Vel O, Liu N (2008) A latent semantic indexing and WordNet based information retrieval model for digital forensics. In: 2008 IEEE international conference on intelligence and security informatics, IEEE, pp 70–75Google Scholar
  9. 9.
    Beebe NL, Liu L (2014) Ranking algorithms for digital forensic string search hits. Digital Investig 11(suppl. 2):314–322CrossRefGoogle Scholar
  10. 10.
    Beebe NL, Clark JG, Dietrich GB, Ko MS, Ko D (2011) Post-retrieval search hit clustering to improve information retrieval effectiveness: two digital forensics case studies. Decis Support Syst 51(4):732–744CrossRefGoogle Scholar
  11. 11.
    Yang M, Chow KP (2015) An information extraction framework for digital forensic investigations. In: Advances in digital forensics XI. Springer, Berlin, pp 61–76Google Scholar
  12. 12.
    De Vel O, Anderson A, Corney M, Mohay G (2001) Mining e-mail content for author identification forensics. ACM Sigmod Record 30(4):55–64CrossRefGoogle Scholar
  13. 13.
    Chau M, Xu JJ, Chen H (2002) Extracting meaningful entities from police narrative reports. In: Proceedings of the 2002 annual national conference on Digital government research, Digital Government Society of North America, pp 1–5Google Scholar
  14. 14.
    Salton G, Singhal A, Mitra M, Buckley C (1997) Automatic text structuring and summarization. Inf Process Manage 33(2):193–207CrossRefGoogle Scholar
  15. 15.
    Chabot Y, Bertaux A, Kechadi MT, Nicolle C (2014) Event reconstruction: a state of the art. In: Handbook of research on digital crime, cyberspace security and information assurance. IGI Global, pp 231–245Google Scholar
  16. 16.
    Hargreaves C, Patterson J (2012) An automated timeline reconstruction approach for digital forensic investigations. Digital Investig 9:S69–S79CrossRefGoogle Scholar
  17. 17.
    Campos R, Dias G, Jorge AM, Jatowt A (2014) Survey of temporal information retrieval and related applications. ACM Comput Surv 47(2):1–41CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Singapore 2016

Authors and Affiliations

  1. 1.Beijing-Dublin International CollegeDublinIreland
  2. 2.School of Computer ScienceUniversity College DublinDublinIreland

Personalised recommendations