Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

Forensic analysis commonly involves searching an investigation target for personal identifiable information. An Inland Revenue Department (IRD) number is used for taxation purposes in New Zealand and can provide evidence of perpetrator identity, transaction information or electronic fraud. This research has designed and implemented a bulk_extractor feature scanner to detect and validate IRD numbers (features). The IRD scanner has been tested on a known data set to ensure tool functionality. A large real world data set was then used to determine scanner effectiveness in a realistic investigation scenario. Real world data set testing highlighted a high number of unrelated features detected by the scanner. To combat this, a novel post-processing technique was implemented to identify forensically interesting IRD numbers by performing feature context searching. The post-processing findings proved that feature context searching is an effective data reduction technique that identified a low number of directly relevant IRD numbers.

Comments

13th Australian Digital Forensics Conference, held from the 30 November – 2 December, 2015 (pp. 62-69), Edith Cowan University Joondalup Campus, Perth, Western Australia.

DOI

10.4225/75/57b3f6edfb88a

Share

 
COinS