File system modelling for digital triage: An inductive profiling approach

Authors

Benjamin Rice, Australian Centre for Cyber Security, University of New South WalesFollow
Benjamin Turnbull, Australian Centre for Cyber Security, University of New South WalesFollow

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

Digital Triage is the initial, rapid screening of electronic devices as a precursor to full forensic analysis. Triage has numerous benefits including resource prioritisation, greater involvement of criminal investigators and the rapid provision of initial outcomes. In traditional scientific forensics and criminology, certain behavioural attributes and character traits can be identified and used to construct a case profile to focus an investigation and narrow down a list of suspects. This research introduces the Triage Modelling Tool (TMT), that uses a profiling approach to identify how offenders utilise and structure files through the creation of file system models. Results from the TMT have proven to be extremely promising when compared to Encase’s similar in-built functionality, which provides a strong justification for future work within this area.

Comments

13th Australian Digital Forensics Conference, held from the 30 November – 2 December, 2015 (pp. 132-140), Edith Cowan University Joondalup Campus, Perth, Western Australia.

DOI

10.4225/75/57b3ff9efb892