Document Type

Article

Publication Version

Published Version

Publication Date

8-2017

Journal or Book Title

Digital Investigation

Volume

22

First Page

S106

Last Page

S114

DOI

10.1016/j.diin.2017.06.009

Abstract

In this paper we investigate the application of score-based likelihood ratio techniques to the problem of detecting whether two time-stamped event streams were generated by the same source or by two different sources. We develop score functions for event data streams by building on ideas from the statistical modeling of marked point processes, focusing in particular on the coefficient of segregation and mingling index. The methodology is applied to a data set consisting of logs of computer activity over a 7-day period from 28 different individuals. Experimental results on known same-source and known different-source data sets indicate that the proposed scores have significant discriminative power in this context. The paper concludes with a discussion of the potential benefits and challenges that may arise from the application of statistical analysis to user-event data in digital forensics.

Comments

This is an article published as Galbraith, Christopher, and Padhraic Smyth. "Analyzing user-event data using score-based likelihood ratios with marked point processes." Digital Investigation 22 (2017): S106-S114. Posted with permission.

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Copyright Owner

The Authors

Language

en

File Format

application/pdf

Share

COinS