Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results

Authors:
Nicole Lang Beebe;Jan Guynes Clark
Affiliations:
The University of Texas at San Antonio, Department of IS&TM, One UTSA Circle, San Antonio, TX 78249, United States;The University of Texas at San Antonio, Department of IS&TM, One UTSA Circle, San Antonio, TX 78249, United States
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2007

Citing 20
Cited 6

Semantic file systems

SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Reexamining the cluster hypothesis: scatter/gather on retrieval results

SIGIR '96 Proceedings of the 19th annual international ACM SIGIR conference on Research and development in information retrieval
A graphical, self-organizing approach to classifying electronic meeting output

Journal of the American Society for Information Science
A new on-line learning algorithm for adaptive text filtering

Proceedings of the seventh international conference on Information and knowledge management
Web document clustering: a feasibility demonstration

Proceedings of the 21st annual international ACM SIGIR conference on Research and development in information retrieval
The anatomy of a large-scale hypertextual Web search engine

WWW7 Proceedings of the seventh international conference on World Wide Web 7
Internet browsing and searching: user evaluations of category map and concept space techniques

Journal of the American Society for Information Science - Special topic issue: artificial intelligence techniques for emerging information systems applications
Grouper: a dynamic clustering interface to Web search results

WWW '99 Proceedings of the eighth international conference on World Wide Web
Evaluating document clustering for interactive information retrieval

Proceedings of the tenth international conference on Information and knowledge management
Machine learning in automated text categorization

ACM Computing Surveys (CSUR)
Document Warehousing and Text Mining: Techniques for Improving Business Operations, Marketing, and Sales

Document Warehousing and Text Mining: Techniques for Improving Business Operations, Marketing, and Sales
Document organization using Kohonen's algorithm

Information Processing and Management: an International Journal
Interactive Information Retrieval Using Clustering and Spatial Proximity

User Modeling and User-Adapted Interaction
Learning to cluster web search results

Proceedings of the 27th annual international ACM SIGIR conference on Research and development in information retrieval
Searching a file system using inferred semantic links

Proceedings of the sixteenth ACM conference on Hypertext and hypermedia
Connections: using context to enhance file search

Proceedings of the twentieth ACM symposium on Operating systems principles
Tapping the power of text mining

Communications of the ACM - Privacy and security in highly dynamic systems
Verifying the proximity and size hypothesis for self-organizing maps

Journal of Management Information Systems - Special section: Exploring the outlands of the MIS discipline
Tool review: Network traffic as a source of evidence: tool strengths, weaknesses, and future needs

Digital Investigation: The International Journal of Digital Forensics & Incident Response
A neural-network learning theory and a polynomial time RBF algorithm

IEEE Transactions on Neural Networks

A Term Distribution Visualization Approach to Digital Forensic String Search

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
A survey of main memory acquisition and analysis techniques for the windows operating system

Digital Investigation: The International Journal of Digital Forensics & Incident Response
On metadata context in Database Forensics

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Unsupervised discovery of relations for analysis of textual data

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Extraction of forensically sensitive information from windows physical memory

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Post-retrieval search hit clustering to improve information retrieval effectiveness: Two digital forensics case studies

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current digital forensic text string search tools use match and/or indexing algorithms to search digital evidence at the physical level to locate specific text strings. They are designed to achieve 100% query recall (i.e. find all instances of the text strings). Given the nature of the data set, this leads to an extremely high incidence of hits that are not relevant to investigative objectives. Although Internet search engines suffer similarly, they employ ranking algorithms to present the search results in a more effective and efficient manner from the user's perspective. Current digital forensic text string search tools fail to group and/or order search hits in a manner that appreciably improves the investigator's ability to get to the relevant hits first (or at least more quickly). This research proposes and empirically tests the feasibility and utility of post-retrieval clustering of digital forensic text string search results - specifically by using Kohonen Self-Organizing Maps, a self-organizing neural network approach. This paper is presented as a work-in-progress. A working tool has been developed and experimentation has begun. Findings regarding the feasibility and utility of the proposed approach will be presented at DFRWS 2007, as well as suggestions for follow-on research.