Constructing and classifying email networks from raw forensic images
Download
Author
Allen, Gregory
Date
2016-09Advisor
McCarrin, Michael
Gera, Relucca
Metadata
Show full item recordAbstract
Email addresses extracted from secondary storage devices are important to a forensic analyst when conducting an investigation. They can provide insight into the user's social network and help identify other potential persons of interest. However, a large portion of the email addresses from any given device are artifacts of installed software and are of no interest to the analyst.We propose a method for discovering relevant email addresses by creating graphs consisting of extracted email addresses along with their byte-offset location in storage.We compute certain global attributes of these graphs to construct feature vectors, which we use to classify graphs into useful and not useful categories. This process filters out the majority of uninteresting email addresses. We show that using the network topological measures on the dataset tested, Naïve Bayes and SVM were successful in identifying 100% and 95:5%, respectively, of all graphs that contained useful email addresses both with areas under the curve above :97 and F1 scores at :80 and :90 for Naïve Bayes and SVM, respectively. Our results show that using network science metrics as attributes to classify graphs of email addresses based on the graph's topology could be an effective and efficient tool for automatically delivering evidence to an analyst.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Making Sense of Email Addresses on Drives
Rowe, Neil C.; Schwamm, Riqui; McCarrin, Michael R.; Gera, Ralucca (ADFSL, 2016);Drives found during investigations often have useful information in the form of email addresses, which can be acquired by search in the raw drive data independent of the file system. Using these data, we can build a picture ... -
Constructing social networks from secondary storage with bulk analysis tools
Green, Janina L. (Monterey, California: Naval Postgraduate School, 2016-06);Intelligence analysts depend on the ability to understand the social networks of suspects and adversaries. We develop a novel method for automatically discovering this information from digital storage media by analyzing ... -
STRUCTURAL PROPERTIES OF I-GRAPHS: THEIR INDEPENDENCE NUMBERS AND CAYLEY GRAPHS
Klein, Zachary J. (Monterey, CA; Naval Postgraduate School, 2020-06);We discuss in this paper the independence numbers and algebraic properties of I-graphs. The I-graphs are a further generalization of the Generalized Petersen graphs whose independence numbers have been previously researched. ...