Digital Forensics as a Surreal Narrative

  • Mark Pollitt
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


Digital forensics is traditionally approached either as a computer science problem or as an investigative problem. In both cases, the goal is usually the same: attempt to locate discrete pieces of information that are probative. In the computer science approach, characteristics of the data are utilized to include or exclude objects, data or metadata. The investigative approach reviews the content of the evidence to interpret the data in the light of known facts and elements of the crime in order to determine probative information or information of lead value. This paper explores two literary theories, narrative theory and surrealism, for potential application to the digital forensic process. Narrative theory focuses on the “story” that is represented by text. At some level, a storage device may be viewed as a series of interweaving, possibly multi-dimensional, narratives. Furthermore, the narratives themselves, coupled with the metadata from the file system and applications, may form a meta-narrative. The literary theory of surrealism, the notion of disjointed elements, can be utilized to derive meaning from forensic evidence. This paper uses a technique known as surrealist games to illustrate the point.


Digital forensics, narratology, surrealism



Copyright information

© IFIP International Federation for Information Processing 2009
