A framework for the forensic investigation of unstructured email relationship data

Haggerty, J; Karran, A; Lamb, D; Taylor, M

Authors

J Haggerty

A Karran

D Lamb

M Taylor



Abstract

Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.

Citation

Haggerty, J., Karran, A., Lamb, D., & Taylor, M. (2011). A framework for the forensic investigation of unstructured email relationship data. International Journal of Digital Crime and Forensics, 3(3), 1-18. https://doi.org/10.4018/jdcf.2011070101

Journal Article Type Article
Publication Date Sep 1, 2011
Deposit Date Oct 11, 2011
Publicly Available Date Apr 5, 2016
Journal International Journal of Digital Crime and Forensics
Print ISSN 1941-6210
Publisher IGI Global
Peer Reviewed Peer Reviewed
Volume 3
Issue 3
Pages 1-18
DOI https://doi.org/10.4018/jdcf.2011070101
Publisher URL http://www.igi-global.com/article/international-journal-digital-crime-forensics/58405
