Developing a Process Model for the Forensic Extraction of Information from Desktop Search

Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research

Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive

With the volume of digital forensic evidence rapidly increasing, this paper proposes a data reduction and data mining framework that incorporates a process of reducing data volume by focusing on a subset of information. Foreword The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In this paper, a Digital Forensic Data Reduction and Data Mining Framework is proposed. Initial research with sample data from South Australia Police Electronic Crime Section and Digital Corpora Forensic Images using the proposed framework resulted in significant reduction in the storage requirements—the reduced subset is only 0.196 percent and 0.75 percent respectively of the original data volume. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters. The framework may also provide a greater potential intelligence gain from analysis of current and historical data in a timely manner, and the ability to undertake research of trends over time

A Framework for Identifying Malware Threat Distribution on the Dark Web

The Dark Web is an ever-growing phenomenon that has not been deeply explored. It is no secret that in recent years, malware has become a powerful threat to technology users. The Dark Web is known for supporting anonymity and secure connections for private interactions. Over the years, it has become a rich environment for displaying trends, details, and indicators of emerging malware threats. Through the application of data science and open-source intelligence techniques, trends in malware distribution can be studied. In this research, we create a framework for helping identify malware threat distribution patterns. We examine this type of Dark Web activity by utilizing an automated and manual approach for collecting data on malware exchanges. Furthermore, a comparative analysis is conducted to determine which approach is more effective and efficient. Our framework for identifying current or future malware threats that are distributed on the Dark Web is refined by examining the weaknesses and strengths of each gathering approach

Multi-synchronous collaboration between desktop and mobile users: A case study of report writing for emergency management

The development of multi-synchronous decision support systems to facilitate collaboration between diverse users is an emerging field in emergency management. Traditionally, information management for emergency response has been a centralised effort. However, modern devices such as smartphones provide new methods for gaining real-time information about a disaster from users in the field. In this paper, we present a framework for multi-synchronous collaborative report writing in the scope of emergency management. This framework supports desktop-based users as information providers and consumers, alongside mobile users as information providers to facilitate multi-synchronous collaboration. We consider the benefits of our framework for writing collaborative Situation Reports and discuss future directions for research