A framework for the forensic investigation of unstructured email relationship data
Haggerty, J; Karran, A; Lamb, D; Taylor, M
Authors
J Haggerty
A Karran
D Lamb
M Taylor
Abstract
Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.
Citation
Haggerty, J., Karran, A., Lamb, D., & Taylor, M. (2011). A framework for the forensic investigation of unstructured email relationship data. International Journal of Digital Crime and Forensics, 3(3), 1-18. https://doi.org/10.4018/jdcf.2011070101
Journal Article Type | Article |
---|---|
Publication Date | Sep 1, 2011 |
Deposit Date | Oct 11, 2011 |
Publicly Available Date | Apr 5, 2016 |
Journal | International Journal of Digital Crime and Forensics |
Print ISSN | 1941-6210 |
Publisher | IGI Global |
Peer Reviewed | Peer Reviewed |
Volume | 3 |
Issue | 3 |
Pages | 1-18 |
DOI | https://doi.org/10.4018/jdcf.2011070101 |
Publisher URL | http://www.igi-global.com/article/international-journal-digital-crime-forensics/58405 |
Files
Published_paper.pdf
(4 Mb)