Communications of the ACM - Special issue on parallelism
Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
GroupLens: applying collaborative filtering to Usenet news
Communications of the ACM
Online algorithms for finding profile association rules
Proceedings of the seventh international conference on Information and knowledge management
Communications of the ACM
ACM Transactions on Information Systems (TOIS)
Discovery of Frequent Episodes in Event Sequences
Data Mining and Knowledge Discovery
Data Mining and Knowledge Discovery
Expert-Driven Validation of Rule-Based User Models in Personalization Applications
Data Mining and Knowledge Discovery
Mining e-mail content for author identification forensics
ACM SIGMOD Record
ICDE '95 Proceedings of the Eleventh International Conference on Data Engineering
Heuristic Measures of Interestingness
PKDD '99 Proceedings of the Third European Conference on Principles of Data Mining and Knowledge Discovery
Knowledge Discovery in Databases: An Attribute-Oriented Approach
VLDB '92 Proceedings of the 18th International Conference on Very Large Data Bases
Discovery of Multiple-Level Association Rules from Large Databases
VLDB '95 Proceedings of the 21th International Conference on Very Large Data Bases
Mining Generalized Association Rules
VLDB '95 Proceedings of the 21th International Conference on Very Large Data Bases
Mining Indirect Associations in Web Data
WEBKDD '01 Revised Papers from the Third International Workshop on Mining Web Log Data Across All Customers Touch Points
Investigative Profiling with Computer Forensic Log Data and Association Rules
ICDM '02 Proceedings of the 2002 IEEE International Conference on Data Mining
Digital Evidence and Computer Crime
Digital Evidence and Computer Crime
Mining Sequential Patterns by Pattern-Growth: The PrefixSpan Approach
IEEE Transactions on Knowledge and Data Engineering
Unification of relative time frames for digital forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Investigative behavior profiling with one class SVM for computer forensics
MIWAI'11 Proceedings of the 5th international conference on Multi-Disciplinary Trends in Artificial Intelligence
Unsupervised discovery of relations for analysis of textual data
Digital Investigation: The International Journal of Digital Forensics & Incident Response
| Hi-index | 0.02 |
Developing profiles to describe user or system behaviour is a useful technique employed in Computer Forensic investigations. Information found in data obtained by investigators can often be used to establish a view of regular usage patterns which can then be examined for unusual occurrences. This paper describes one such method based on details provided by events found within computer forensic evidence. Events compiled from potentially numerous sources are grouped according to some criteria and frequently occurring event sequences are established. The methodology and techniques to extract and contrast these sequences are then described and discussed along with similar prior work in the same domain.