Automated User Analysis with User Input Log
Many studies are on progress in the field of digital forensics. However, most analysis methods lack from complexity as the size of data to be investigated enlarges. Thus, automated ways of analyzing the data is required to reduce the work done by the analysts. In our study, we propose an automated user analysis method that works based on the user input log. From the automated analysis, we provide priority on the further user classification, which helps reduce the total number of potential user to 21% of the total users, even in the worst case. In average cases, the exact matching user is found within the 10.5% highest priority users. By combining our proposed method with other existing methods, it would be possible to further reduce the complexity of jobs need to be done by the analysts.
Unable to display preview. Download preview PDF.
- 1.Grillo, A., Lentini, A., Me, G., Ottoni, M.: Fast User Classifying to Establish Forensic Analysis Priorities. In: The Fifth International Conference on IT Security Incident Management and IT Forensics (2009)Google Scholar
- 2.Conti, G., Dean, E., Sinda, M., Sangster, B.: Visual Reverse Engineering of Binary and Data Files. In: Workshop on Visualization for Computer Security (2008)Google Scholar
- 3.Conti, G., Bratus, S., Shubina, A., Sangster, B., Ragsdale, R., Supan, M., Lichtenberg, A., Perez-Alemany, R.: Automated Mapping of Large Binary Objects Using Primitive Fragment Type Classification. In: The Proceeding of Tenth Annual DFRWS Conference on Digital Investigation, August 2010, vol. 7(suppl. 1), pp. S3–S12 (2010)Google Scholar
- 4.Calhoun, W.C., Coles, D.: Predicting the Types of File Fragments. In: The Proceeding of the Eigth Annual DFRWS Conference on Digital Investigation, September 2008, vol. 20(suppl. 1), pp. S14–S20 (2008)Google Scholar