Towards an integrated e-mail forensic analysis framework

Authors:
Rachid Hadjidj;Mourad Debbabi;Hakim Lounis;Farkhund Iqbal;Adam Szporer;Djamel Benredjem
Affiliations:
Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8;Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8;Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8;Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8;Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8;Computer Security Laboratory, Concordia University, 1455 de Maisonneuve West, EV 7-642, Montreal, Quebec, Canada H3G 1M8
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2009

Citing 13
Cited 2

Mining association rules between sets of items in large databases

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Automatic subspace clustering of high dimensional data for data mining applications

SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Mining e-mail content for author identification forensics

ACM SIGMOD Record
Induction of Decision Trees

Machine Learning
Text Categorization with Suport Vector Machines: Learning with Many Relevant Features

ECML '98 Proceedings of the 10th European Conference on Machine Learning
Gender-Preferential Text Mining of E-mail Discourse

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
MET: an experimental system for Malicious Email Tracking

Proceedings of the 2002 workshop on New security paradigms
A framework for authorship identification of online messages: Writing-style features and classification techniques

Journal of the American Society for Information Science and Technology
A temporal based forensic analysis of electronic communication

dg.o '06 Proceedings of the 2006 international conference on Digital government research
Adding Semantics to Email Clustering

ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Writeprints: A stylometric approach to identity-level identification and similarity detection in cyberspace

ACM Transactions on Information Systems (TOIS)
Authorship analysis in cybercrime investigation

ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics
A novel approach of mining write-prints for authorship attribution in e-mail forensics

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Towards event ordering in digital forensics

Proceedings of the 12th ACM workshop on Multimedia and security
A Framework for the Forensic Analysis of User Interaction with Social Media

International Journal of Digital Crime and Forensics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to its simple and inherently vulnerable nature, e-mail communication is abused for numerous illegitimate purposes. E-mail spamming, phishing, drug trafficking, cyber bullying, racial vilification, child pornography, and sexual harassment are some common e-mail mediated cyber crimes. Presently, there is no adequate proactive mechanism for securing e-mail systems. In this context, forensic analysis plays a major role by examining suspected e-mail accounts to gather evidence to prosecute criminals in a court of law. To accomplish this task, a forensic investigator needs efficient automated tools and techniques to perform a multi-staged analysis of e-mail ensembles with a high degree of accuracy, and in a timely fashion. In this article, we present our e-mail forensic analysis software tool, developed by integrating existing state-of-the-art statistical and machine-learning techniques complemented with social networking techniques. In this framework we incorporate our two proposed authorship attribution approaches; one is presented for the first time in this article.