Computer Security and Forensics


Project Description

This work is being conducted in conjunction with researchers from the fields of computer graphics and computer forensics. The goal of this project is to build a visualization that will enable computer forensics practitioners to more effectively gather and document electronic evidence, such as may be found on a computer hard drive. The first task in this process is to perform a task analysis of the way in which computer forensics experts currently perform their work. The results of this analysis will provide the requirements for the visualization tool. After the visualization tool is built, its effectiveness will be empirically validated against the original requirements. My expertise in empirical software engineering and experimental design is aiding in the initial task analysis and in the final validation.

Research Findings

We have focused on understanding how users with various levels of expertise use existing computer forensics tools like "Forensics Toolkit" or "Autopsy Forensic Browser" to gather evidence of computer crimes. Our initial study focused on the domain of Webmail and internet history in fraud cases. Using results from on-site surveys of computer forensics officers and user studies with students, an initial visualization prototype for assisting in email analysis was developed. The study canvassed Mississippi and involved student interaction with law enforcement officers in order to inform our study. Using those results, we developed some quantifiable measures that were used to pilot some of the visualization's features with students. These results form the basis of the visualization we are currently refining; the plans are then to validate the visualization with further testing and evaluation by law enforcement officials.

Below is a picture of our video test-rig for studying how computer forensics officers use current forensics tools.
[Image: Test Rig Tool]

Publications

(Note: Blue = Journal; Red = Refereed Conference; Green = Workshop/Tech Report)
  • Bogen, C., Dampier, D., Vaughn, R., Carver, J., Bridges, S., Allen, E. and Reese, D. "Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials." Journal of Digital Forensics Practice. To Appear.


  • Jankun-Kelly, T., Wilson, D., Stamps, A., Franck, J., Carver, J., and Swan II, J. "Visual Analysis for Textual Relationships in Digital Forensics Evidence." Information Visualization, Palgrave. To Appear.

  • Jankun-Kelly, T., Wilson, D., Stamps, A., Franck, J., Carver, J. and Swan II, J. "A Visual Analytic Framework for Exploring Relationships in Textual Contents of Digital Forensics Evidence." To appear in the Proceedings of the 2009 Workshop on Visualization for Cyber Security. October, 2009.


  • Jankun-Kelly, T., Franck, J., Wilson, D., Carver, J., Dampier, D. and Swan II, J. "Show Me How You See: Designing Studies to Learn How Computer Forensics Experts May Benefit from Visualization." Proceedings of the 5th International Workshop on Visualization for Cyber Security (VizSEC08). Sept. 15, 2008. Cambridge, MA. p. 80-86.
    The original publication is available at www.springerlink.com or http://dx.doi.org/10.1007/978-3-540-85933-8

  • Bogen, A., Dampier, D. and Carver, J. "Support for Computer Forensics Examination Planning with Domain Modeling: A Report of One Experiment Trial." Proceedings of the 40th Hawaii International Conference on Systems Sciences. January 2007. p. 267b.

Collaborators

Funding

This work is supported by NSF CyberTrust grant CNS-0627407.



Last Updated on March 9, 2010 by Jeffrey Carver