Australian Digital Forensics Conference
Document Type
Conference Proceeding
Publisher
SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Abstract
Forensic analysis commonly involves searching an investigation target for personal identifiable information. An Inland Revenue Department (IRD) number is used for taxation purposes in New Zealand and can provide evidence of perpetrator identity, transaction information or electronic fraud. This research has designed and implemented a bulk_extractor feature scanner to detect and validate IRD numbers (features). The IRD scanner has been tested on a known data set to ensure tool functionality. A large real world data set was then used to determine scanner effectiveness in a realistic investigation scenario. Real world data set testing highlighted a high number of unrelated features detected by the scanner. To combat this, a novel post-processing technique was implemented to identify forensically interesting IRD numbers by performing feature context searching. The post-processing findings proved that feature context searching is an effective data reduction technique that identified a low number of directly relevant IRD numbers.
DOI
10.4225/75/57b3f6edfb88a
Comments
13th Australian Digital Forensics Conference, held from the 30 November – 2 December, 2015 (pp. 62-69), Edith Cowan University Joondalup Campus, Perth, Western Australia.