Australian Digital Forensics Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


This paper investigates the use of fuzzy inference for detection of abnormal changes in email traffic communication behaviour. Several communication behaviour measures and metrics are defined for extracting information on the traffic communication behaviour of email users. The information from these behaviour measures is then combined using a hierarchy of fuzzy inference systems, to provide an abnormality rating for overall changes in communication behaviour of suspect email accounts. The use of fuzzy inference is then demonstrated with a case study investigating the email traffic behaviour of a person’s email accounts from the Enron email corpus.


Originally published in the Proceedings of the 4th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 4th 2006.