Document Type
Article
Publication Version
Published Version
Publication Date
8-2017
Journal or Book Title
Digital Investigation
Volume
22
First Page
S106
Last Page
S114
DOI
10.1016/j.diin.2017.06.009
Abstract
In this paper we investigate the application of score-based likelihood ratio techniques to the problem of detecting whether two time-stamped event streams were generated by the same source or by two different sources. We develop score functions for event data streams by building on ideas from the statistical modeling of marked point processes, focusing in particular on the coefficient of segregation and mingling index. The methodology is applied to a data set consisting of logs of computer activity over a 7-day period from 28 different individuals. Experimental results on known same-source and known different-source data sets indicate that the proposed scores have significant discriminative power in this context. The paper concludes with a discussion of the potential benefits and challenges that may arise from the application of statistical analysis to user-event data in digital forensics.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Copyright Owner
The Authors
Copyright Date
2017
Language
en
File Format
application/pdf
Recommended Citation
Galbraith, Christopher and Smyth, Padhraic, "Analyzing user-event data using score-based likelihood ratios with marked point processes" (2017). CSAFE Publications. 14.
https://lib.dr.iastate.edu/csafe_pubs/14
Comments
This is an article published as Galbraith, Christopher, and Padhraic Smyth. "Analyzing user-event data using score-based likelihood ratios with marked point processes." Digital Investigation 22 (2017): S106-S114. Posted with permission.