In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
European Information Security Multi-Conference (EISMC 2013)
Title: Visual Triage of Email Network Narratives for Digital Investigations
Author(s): John Haggerty, Sheryllynne Haggerty, Mark Taylor
Keywords: Digital forensics, email, social networks, narrative, data visualization
Abstract: Email remains a key source of evidence during a digital investigation. The forensics examiner may be required to triage and analyse large email data sets for evidence. Current practice utilises tools and techniques that require a manual trawl through such data, which is a time-consuming process. Recent research has focused on speeding up analysis through the use of data visualization and the quantitative analysis of emails, for example, by analysing actor relationships identified through this medium. However, these approaches are unable to analyse the qualitative content, or narrative, of the emails themselves to provide a much richer picture of the evidence. This paper posits a novel approach which combines both quantitative and qualitative analysis of emails using data visualization to elucidate qualitative information for the forensics examiner. In this way, the examiner is able to triage large volumes of emails to identify actor relationships as well as their network narrative. In order to demonstrate the applicability of this methodology, this paper applies it to a case study of email data.
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.