• • Classified by Research Category 
• • Classified by Publication Type 
• • Classified by Date 

Visual Analysis for Textual Relationships in Digital Forensics Evidence

T.J. Jankun-Kelly, David Wilson, Andrew S. Stamps, Josh Franck, Jeffry Carver, and J. Edward Swan II. Visual Analysis for Textual Relationships in Digital Forensics Evidence. Information Visualization, Special Issue on VizSec 2009, 10(2):134–144, 2011.

Download

[PDF] 

Abstract

We present a visual analytics framework for exploring the textual relationships in computer forensics. Based on a task analysis study performed with practitioners, our tool addresses the inefficiency of searching for related text documents on a hard drive. Our framework searches both allocated and unallocated sectors for text and performs some pre-analysis processing; this information is then presented via a visualization that displays both the frequency of relevant terms and their location on the disk. We also present a case study that demonstrates our framework's operation, and we report on an informal evaluation conducted with forensics analysts from the Mississippi State Attorney General's Office and National Forensics Training Center.

BibTeX

@Article{InfoVis10-tr, 
  author =       {T.J. Jankun-Kelly and David Wilson and Andrew S. Stamps and 
                  Josh Franck and Jeffry Carver and J. Edward {Swan~II}}, 
  title =        {Visual Analysis for Textual Relationships in Digital Forensics Evidence}, 
  journal =      {Information Visualization, Special Issue on VizSec 2009}, 
  year =         2011, 
  volume =       10, 
  number =       2, 
  pages =        {134--144}, 
  abstract =     { 
We present a visual analytics framework for exploring the textual 
relationships in computer forensics. Based on a task analysis study 
performed with practitioners, our tool addresses the inefficiency of 
searching for related text documents on a hard drive. Our framework 
searches both allocated and unallocated sectors for text and performs 
some pre-analysis processing; this information is then presented via a 
visualization that displays both the frequency of relevant terms and 
their location on the disk. We also present a case study that 
demonstrates our framework's operation, and we report on an informal 
evaluation conducted with forensics analysts from the Mississippi 
State Attorney General's Office and National Forensics Training 
Center. 
}, 
}