Abstract
Visualizations of communications between actors are typically presented as actor interactions or as plots of the dates and times when the communications occurred. These visualizations are valuable to forensic analysts; however, they do not provide an understanding of the general flow of the discussed topics, which are identified by keywords or keyphrases. The ability to view the content of a corpus as a timeline of discussion topics can provide clues to when certain topics became more prevalent in the discussion, when topics disappeared from the discussion and which topics are outliers in the corpus. This, in turn, may help discover related topics and times that can be used as clues in further analyses. The goal is to provide a forensic analyst with assistance in systematically reviewing data, eliminating the need to manually examine large amounts of communications.
This chapter focuses on the timeline-based visualization of keywords in a text corpus. The proposed technique employs automated keyword extraction and clustering to produce a visual summary of topics recorded from the content of an email corpus. Topics are regarded as keywords and are placed on a timeline for visual inspection. Links are placed between topics as the timeline progresses. Placing topics on a timeline makes it easier to discover patterns of communication about specific topics instead of merely focusing on general discussion patterns. The technique complements existing visualization techniques by enabling a forensic analyst to concentrate on the most interesting portions of a corpus.
Chapter PDF
Similar content being viewed by others
References
P. Appan, H. Sundaram and B. Tseng, Summarization and visualization of communication patterns in a large-scale social network, Proceedings of the Tenth Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining, pp. 371–379, 2006.
V. Devendran, H. Shahriar and V. Clincy, A comparative study of email forensic tools, Journal of Information Security, vol. 6(2), pp. 111–117, 2015.
B. Fei, J. Eloff, H. Venter and M. Olivier, Exploring forensic data with self-organizing maps, in Advances in Digital Forensics, M. Pollitt and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 113–123, 2005.
S. Frau, J. Roberts and N. Boukhelifa, Dynamic coordinated email visualization, Proceedings of the Thirteenth International Conference in Central Europe on Computer Graphics, Visualization and Computer Vision, pp. 187–193, 2005.
J. Haggerty, S. Haggerty and M. Taylor, Forensic triage of email network narratives through visualization, Information Management and Computer Security, vol. 22(4), pp. 358–370, 2014.
E. Hall, The application/mbox Media Type, RFC 4155 (datatracker.ietf.org/doc/rfc4155), 2005.
M. Joorabchi, EmailTime: Visualization and Analysis of Email Dataset, Master’s Thesis, School of Interactive Art and Technology, Simon Fraser University, Burnaby, Canada, 2010.
H. Lalla and S. Flowerday, Towards a standardized digital forensic process, Proceedings of the Information Security South Africa Conference, 2010.
M. Makrehchi and M. Kamel, Extracting domain-specific stop words for text classifiers, Intelligent Data Analysis, vol. 21(1), pp. 39–62, 2017.
NLTK Project, Natural Language Toolkit (www.nltk.org), 2019.
A. Nordbo, Data Visualization for Discovery of Digital Evidence in Email, Master’s Thesis, Department of Computer Science and Media Technology, Gjovik University College, Gjovik, Norway, 2014.
J. Olsson and M. Boldt, Computer forensic timeline visualization tool, Digital Investigation, vol. 6(S), pp. S78–S87, 2009.
G. Palmer, A Road Map for Digital Forensic Research, DFRWS Technical Report, Technical Report DTR-T001-01 Final, Air Force Research Laboratory, Rome, New York, 2001.
M. Porter, An algorithm for suffix stripping, in Readings in Information Retrieval, K. Sparck-Jones and P. Willet (Eds.), Morgan Kaufmann, San Francisco, California, pp. 313–316, 1997.
S. Rose, D. Engel, N. Cramer and W. Cowley, Automatic keyword extraction from individual documents, in Text Mining: Applications and Theory, M. Berry and J. Kogan (Eds.), John Wiley and Sons, Hoboken, New Jersey, pp. 1–20, 2010.
G. Salton, The SMART Retrieval System: Experiments in Automatic Document Processing, Prentice-Hall, Upper Saddle River, New Jersey, 1971.
P. Samanta and B. Chaudhuri, A simple real-word error detection and correction using local word bigram and trigram, Proceedings of the Twenty-Fifth Conference on Computational Linguistics and Speech Processing, pp. 211–220, 2013.
G. Schrenk and R. Poisel, A discussion of visualization techniques for the analysis of digital evidence, Proceedings of the Sixth International Conference on Availability, Reliability and Security, pp. 758–763, 2011.
D. Shahaf, C. Guestrin and E. Horvitz, Metro maps of science, Proceedings of the Eighteenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1122–1130, 2012.
D. Shahaf, C. Guestrin and E. Horvitz, Trains of thought: Generating information maps, Proceedings of the Twenty-First International Conference on World Wide Web, pp. 899–908, 2012.
S. Siddiqi and A. Sharan, Keyword and keyphrase extraction techniques: A literature review, International Journal of Computer Applications, vol. 109(2), pp. 18–23, 2015.
J. Stadlinger and A. Dewald, A forensic email analysis tool using dynamic visualization, Journal of Digital Forensics, Security and Law, vol. 12(1), article no. 6, 2017.
S. Sudarsky and R. Hjelsvold, Visualizing electronic mail, Proceedings of the Sixth International Conference on Information Visualization, pp. 3–9, 2002.
F. Viegas, S. Golder and J. Donath, Visualizing email content: Portraying relationships from conversational histories, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 979–988, 2006.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 IFIP International Federation for Information Processing
About this paper
Cite this paper
van Staden, W. (2019). Timeline Visualization of Keywords. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XV. DigitalForensics 2019. IFIP Advances in Information and Communication Technology, vol 569. Springer, Cham. https://doi.org/10.1007/978-3-030-28752-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-28752-8_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28751-1
Online ISBN: 978-3-030-28752-8
eBook Packages: Computer ScienceComputer Science (R0)