Creating and understanding email communication networks to aid digital forensic investigations

McCarrin, Michael; Green, Janina; Gera, Ralucca

Creating and understanding email communication networks to aid digital forensic investigations

Files

Gera_Creating and understanding email_preprint_2018.pdf (1.76 MB)

Authors

McCarrin, Michael

Green, Janina

Gera, Ralucca

Date of Issue

2018-06-14

Publisher

Cornell University Library

Abstract

Digital forensic analysts depend on the ability to understand the social networks of the individuals they investigate. We develop a novel method for automatically constructing these networks from collected hard drives. We accomplish this by scanning the raw storage media for email addresses, constructing co-reference networks based on the proximity of email addresses to each other, then selecting connected components that correspond to real communication networks. We validate our analysis against a tagged data-set of networks for which we determined ground truth through interviews with the drive owners. In the resulting social networks, we find that classical measures of centrality and community detection algorithms are effective for identifying important nodes and close associates.

Type

Article

URI

https://hdl.handle.net/10945/59229

Department

Computer Science (CS)

Organization

Naval Postgraduate School (U.S.)

Format

6 p.

Citation

McCarrin, Michael, Janina Green, and Ralucca Gera. "Creating and understanding email communication networks to aid digital forensic investigations." arXiv preprint arXiv:1806.05327 (2018).

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

Collections

Publications

Full item page

Naval Postgraduate School

Dudley Knox Library