Abstract
This work presents a method for the measurement of the accuracy of evidential artifact extraction and categorization tasks in digital forensic investigations. Instead of focusing on the measurement of accuracy and errors in the functions of digital forensic tools, this work proposes the application of information retrieval measurement techniques that allow the incorporation of errors introduced by tools and analysis processes. This method uses a ‘gold standard’ that is the collection of evidential objects determined by a digital investigator from suspect data with an unknown ground truth. This work proposes that the accuracy of tools and investigation processes can be evaluated compared to the derived gold standard using common precision and recall values. Two example case studies are presented showing the measurement of the accuracy of automated analysis tools as compared to an in-depth analysis by an expert. It is shown that such measurement can allow investigators to determine changes in accuracy of their processes over time, and determine if such a change is caused by their tools or knowledge.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson, T., Schum, D.A., Twining, W.L.: Analysis of Evidence. Cambridge University Press, Cambridge (2005)
Baggili, I.M., Mislan, R., Rogers, M.: Mobile phone forensics tool testing: A database driven approach. Int. J. Digit. Evid. 6(2), 168–178 (2007)
Beebe, N.L., Clark, J.G.: Digital forensic text string searching: improving information retrieval effectiveness by thematically clustering search results. Digit. Investig. 4, 49–54 (2007)
Carrier, B.D.: Defining digital forensic examination and analysis tools. In: Digital Forensic Research Workshop, Syracuse, NY, p. 10 (2002). (Citeseer)
Casey, E.: Error, uncertainty, and loss in digital evidence. Int. J. Digit. Evid. 1(2), 1–45 (2002)
de Vel, O.: File classification using byte sub-stream kernels. Digit. Investig. 1(2), 150–157 (2004)
Gogolin, G.: The digital crime tsunami. Digit. Investig. 7(1–2), 3–8 (2010)
Goss, J., Gladyshev, P.: Forensic triage: managing the risk. Ph.D. thesis, Dublin (2010)
Guidance: EnCase Legal Journal, September 2009 Edition (2009)
James, J.: Survey of evidence and forensic tool usage in digital investigations (2010)
James, J.I., Gladyshev, P.: 2010 Report of digital forensic standards, processes and accuracy measurement (2011)
James, J.I., Gladyshev, P.: A survey of digital forensic investigator decision processes and measurement of decisions based on enhanced preview. Digit. Investig. 10(2), 148–157 (2013)
James, J.I., Gladyshev, P.: Challenges with automation in digital forensic investigations, pp. 1–7 (2013)
Jones, A., Valli, C.: Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility. Butterworth-Heinemann, Oxford (2008)
Kim, J.S., Kim, D.G., Noh, B.N.: A fuzzy logic based expert system as a network forensics. In: Proceedings of the 2004 IEEE International Conference on Fuzzy Systems, vol. 2, pp. 879–884. IEEE (2004)
Koopmans, M.B., James, J.I.: Automated network triage. Digit. Investig. 10(2), 129–137 (2013)
Li, B., Wang, Q, Luo, J.: Forensic analysis of document fragment based on SVM (2006)
Lyle, J.R.: If error rate is such a simple concept, why don’t i have one for my forensic tool yet? Digit. Investig. 7, S135–S139 (2010)
Manning, C.D., Raghavan, P., Schutze, H.: Introduction to Information Retrieval. Cambridge University Press, Cambridge (2008)
NIST: Computer forensics tool testing program (2013)
Obasogie, O.: Phantom of Heilbronn revealed! (2009)
Palmer, G.L.: Forensic analysis in the digital world. Int. J. Digit. Evid. 1(1), 1–6 (2002)
Rennison, A.: Codes of practice and conduct for forensic science providers and practitioners in the criminal justice system (2011)
Russell, S.J., Norvig, P.: Artificial Intelligence: A Modern Approach. Prentice Hall, Upper Saddle River (2009)
Supreme Court: Daubert v. Merrell Dow Pharmaceuticals (1993)
Supreme Court: Crawford v. Commonwealth of Virginia (2000)
Thompson, W.C.: DNA testing. In: Levinson, D. (ed.) Encyclopedia of Crime and Punishment, vol. 2, pp. 537–544. Sage Publications Inc, Thousand Oaks (2002)
Yeoman, F.: The phantom of Heilbronn, the tainted DNA and an eight-year goose chase (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix
A Case 1: Results of Precision of Investigation vs. the Gold Standard
Examination 1:
See Table 6.
Examination 2:
See Table 7.
Examination 3:
See Table 8.
Examination 4:
See Table 9.
Examination 5:
See Table 10.
B Case 2: Results of Precision of Investigation vs. the Gold Standard
See Tables 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29 and 30.
Rights and permissions
Copyright information
© 2014 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
James, J.I., Lopez-Fernandez, A., Gladyhsev, P. (2014). Measuring Accuracy of Automated Parsing and Categorization Tools and Processes in Digital Investigations. In: Gladyshev, P., Marrington, A., Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 132. Springer, Cham. https://doi.org/10.1007/978-3-319-14289-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-14289-0_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14288-3
Online ISBN: 978-3-319-14289-0
eBook Packages: Computer ScienceComputer Science (R0)