Computer Security and Forensics
Project DescriptionThis work is being conducted in conjunction with researchers from the fields of computer graphics and computer forensics. This goal of this project is to build a visualization that will enable computer forensics practitioners to more effectively gather and document electronic evidence, such as may be found on a computer hard drive. The first task in this process is to perform a task analysis of the way in which computer forensics experts currently perform their work. The results of this analysis will provide the requirements for the visualization tool. After the visualization tool is built, its effectiveness will be empirically validated against the original requirements. My expertise in empirical software engineering and experimental design is aiding in the initial task analysis and in the final validation.
Research FindingsWe have focused on understanding how users with various levels of expertise use existing computer forensics tools like "Forensics Toolkit" or "Autopsy Forensic Browser" to gather evidence of computer crimes. Our initial study focused on the domain of Webmail and internet history in fraud cases. Using results from on-site surveys of computer forensics officers and user studies with students, an initial visualization prototype for assisting in email analysis was developed. The study canvassed Mississippi and involved student interaction with law enforcement officers in order to inform our study. Using those results, we developed some quantifiable measures that were used to pilot some of the visualization's features with students. These results form the basis of the visualization were are currently refining; the plans are then to validate the visualization with further testing and evaluation by law enforcement officials.
Below is a picture of our video test-rig for studying how computer forensics officers use current forensics tools (click for a larger version).
Publications(Note: Blue = Journal; Red = Refereed Conference; Green = Workshop/Tech Report)
- Bogen, C., Dampier, D., Vaughn, R., Carver, J., Bridges, S., Allen, E. and Reese, D. "Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials. Journal of Digital Forensics Practice. To Appear.
- Jankun-Kelly, T., Wilson, D., Stamps, A., Franck, J., Carver, J., and Swan II, J. "Visual Analysis for
Textual Relationships in Digital Forensics Evidence." Information Visualization, Palgrave. To Appear.
- Jankun-Kelly, T., Wilson, D., Stamps, A., Franck, J., Carver, J. and Swan II, J. A Visual Analytic Framework for Exploring Relationships in Textual Contents of Digital Forensics Evidence. To appear in the Proceedings of the 2009 Workshop on Visualization for Cyber Security. October, 2009.
- Jankun-Kelly, T., Franck, J., Wilson, D., Carver, J.,
Dampier, D. and Swan II, J. "Show
Me How You See: Designing Studies to Learn How Computer Forensics Experts
May Benefit from Visualization." Proceedings of the 5th International Workshop on Visualization for
Cyber Security (VizSEC08). Sept. 15, 2008. Cambridge, MA. p. 80-86.
The original publication is available at www.springerlink.com or http://dx.doi.org/10.1007/978-3-540-85933-8
- Bogen, A., Dampier, D. and Carver, J. "Support for Computer Forensics Examination
Planning with Domain Modeling: A Report of One Experiment Trial." Proceedings of the
40th Hawaii International Conference on Systems Sciences. January 2007. p. 267b.
- Dr. T.J. Jankun-Kelly, Mississippi State University
- Dr. J. Edward Swan, Mississippi State University
- Dr. David Dampier, Mississippi State University
FundingThis work is supported by NSF CyberTrust grant CNS-0627407.
Projects Frontpage    |
List of Publications
Last Updated on March 9, 2010 by Jeffrey Carver