Research Article
Computer Profiling for Preliminary Forensic Examination
@INPROCEEDINGS{10.1007/978-3-319-14289-0_14, author={Andrew Marrington and Farkhund Iqbal and Ibrahim Baggili}, title={Computer Profiling for Preliminary Forensic Examination}, proceedings={Digital Forensics and Cyber Crime. Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2015}, month={2}, keywords={Computer profiling Triage Formal methods Preliminary examination}, doi={10.1007/978-3-319-14289-0_14} }- Andrew Marrington
Farkhund Iqbal
Ibrahim Baggili
Year: 2015
Computer Profiling for Preliminary Forensic Examination
ICDF2C
Springer
DOI: 10.1007/978-3-319-14289-0_14
Abstract
The quantity problem and the natural desire of law enforcement to confront suspects with evidence of their guilt close to the time of arrest in order to elicit a confession combine to form a need for both effective digital forensic triage and preliminary forensic examination. This paper discusses computer profiling, a method for automated formal reasoning about a computer system, and its applicability to the problem domain of preliminary digital forensic examination following triage. It proposes an algorithm for using computer profiling at the preliminary examination stage of an investigation, which focusses on constructing an information model describing a suspect’s computer system in the minimal level of detail necessary to address a formal hypothesis about the system proposed by an investigator. The paper concludes by discussing the expanded utility of the algorithm proposed when contrasted to existing approaches in the digital forensic triage and preliminary examination space.
