Making Sense of Email Addresses on Drives

Authors
Rowe, Neil C.
Schwamm, Riqui
McCarrin, Michael R.
Gera, Ralucca
Subjects
digital forensics
electronic mail
email
addresses
users
filtering
networks
visualization
Date of Issue
2016
Date
2016
Publisher
ADFSL
Abstract
Drives found during investigations often have useful information in the form of email addresses, which can be acquired by search in the raw drive data independent of the file system. Using these data, we can build a picture of the social networks in which a drive owner participated, even perhaps better than investigating their online profiles maintained by social-networking services, because drives contain much data that users have not approved for public display. However, many addresses found on drives are not forensically interesting, such as sales and support links. We developed a program to filter these out using a Naïve Bayes classifier and eliminated 73.3% of the addresses from a representative corpus. We show that the byte-offset proximity of the remaining addresses found on a drive, their word similarity, and their number of co-occurrences over a corpus are good measures of association of addresses, and we built graphs using this data of the interconnections both between addresses and between drives. Results provided several new insights into our test data.
Type
Article
Department
Computer Science (CS)
Organization
Naval Postgraduate School (U.S.)
Format
22 p.
Citation
Rowe, Neil C., et al. "Making Sense of Email Addresses on Drives." The Journal of Digital Forensics, Security and Law: JDFSL 11.2 (2016): 153.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.