Improving Digital Forensic Investigations through Automated User Entity Correlation

Mabrouka Abuhmida; Eric Llewellyn; Glenn Nor

doi:10.22214/ijraset.2023.51446

Improving Digital Forensic Investigations through Automated User Entity Correlation

Mabrouka Abuhmida, Eric Llewellyn, Glenn Nor^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

24 Downloads (Pure)

Abstract

Digital forensic investigation is a time-consuming process, particularly when it comes to manually correlating information between different custodians. Existing methods have been limited in their ability to provide a complete overview of relevant activities and events. In response, this research project has developed a new framework that uses metadata and document entity correlation to identify correlations between custodians. The resulting insights are novel, providing a unique overview of custodian data and a clearer understanding of document content and revisions. Using this framework, digital forensic investigators can extract relevant activity or event-based data, create custom activity or event-based correlation data, and generate event graphs. This approach is an efficient and practical way to generate actionable insights for large-scale investigations.

Original language	English
Article number	51446
Pages (from-to)	991-1001
Number of pages	12
Journal	International Journal for Research in Applied Science & Engineering Technology
Volume	11
Issue number	V
DOIs	https://doi.org/10.22214/ijraset.2023.51446
Publication status	Published - 11 May 2023

Keywords

Digital forensics
entity correlation
event-based data
framework development
custodians

Access to Document

10.22214/ijraset.2023.51446Licence: Unspecified

iJRASET_MA_ArticleFinal published version, 2.04 MBLicence: Unspecified

Cite this

@article{eee48a064a4f4e21b541b4e6fb31df77,

title = "Improving Digital Forensic Investigations through Automated User Entity Correlation",

abstract = "Digital forensic investigation is a time-consuming process, particularly when it comes to manually correlating information between different custodians. Existing methods have been limited in their ability to provide a complete overview of relevant activities and events. In response, this research project has developed a new framework that uses metadata and document entity correlation to identify correlations between custodians. The resulting insights are novel, providing a unique overview of custodian data and a clearer understanding of document content and revisions. Using this framework, digital forensic investigators can extract relevant activity or event-based data, create custom activity or event-based correlation data, and generate event graphs. This approach is an efficient and practical way to generate actionable insights for large-scale investigations.",

keywords = "Digital forensics, entity correlation, event-based data, framework development, custodians",

author = "Mabrouka Abuhmida and Eric Llewellyn and Glenn Nor",

year = "2023",

month = may,

day = "11",

doi = "10.22214/ijraset.2023.51446",

language = "English",

volume = "11",

pages = "991--1001",

journal = "International Journal for Research in Applied Science & Engineering Technology",

issn = "2321-9653",

number = "V",

}

TY - JOUR

T1 - Improving Digital Forensic Investigations through Automated User Entity Correlation

AU - Abuhmida, Mabrouka

AU - Llewellyn, Eric

AU - Nor, Glenn

PY - 2023/5/11

Y1 - 2023/5/11

N2 - Digital forensic investigation is a time-consuming process, particularly when it comes to manually correlating information between different custodians. Existing methods have been limited in their ability to provide a complete overview of relevant activities and events. In response, this research project has developed a new framework that uses metadata and document entity correlation to identify correlations between custodians. The resulting insights are novel, providing a unique overview of custodian data and a clearer understanding of document content and revisions. Using this framework, digital forensic investigators can extract relevant activity or event-based data, create custom activity or event-based correlation data, and generate event graphs. This approach is an efficient and practical way to generate actionable insights for large-scale investigations.

AB - Digital forensic investigation is a time-consuming process, particularly when it comes to manually correlating information between different custodians. Existing methods have been limited in their ability to provide a complete overview of relevant activities and events. In response, this research project has developed a new framework that uses metadata and document entity correlation to identify correlations between custodians. The resulting insights are novel, providing a unique overview of custodian data and a clearer understanding of document content and revisions. Using this framework, digital forensic investigators can extract relevant activity or event-based data, create custom activity or event-based correlation data, and generate event graphs. This approach is an efficient and practical way to generate actionable insights for large-scale investigations.

KW - Digital forensics

KW - entity correlation

KW - event-based data

KW - framework development

KW - custodians

U2 - 10.22214/ijraset.2023.51446

DO - 10.22214/ijraset.2023.51446

M3 - Article

SN - 2321-9653

VL - 11

SP - 991

EP - 1001

JO - International Journal for Research in Applied Science & Engineering Technology

JF - International Journal for Research in Applied Science & Engineering Technology

IS - V

M1 - 51446

ER -

Improving Digital Forensic Investigations through Automated User Entity Correlation

Abstract

Keywords

Access to Document

Fingerprint

Cite this