DESO: Addressing volume and variety in large-scale criminal cases

Research output: Contribution to journal › Article › peer-review

16 Citations (Scopus)

Abstract

This paper proposes a mechanism for dealing with the growing variety and volume of digital evidence in a criminal investigation.

The challenges posed by this growth have been long recognised and documented. There have been solutions aimed at processing bulk data and others based on event correlation or timelines. Instead we examine if there is an alternate method: to classify digital evidence artefacts in a way that assists selection of the potentially relevant evidence before processing any material. In so doing we wish to avoid generating bulk data and instead start viewing digital evidence from an investigative perspective – not a technological one.

This paper details the continuing development of an ontology for this purpose – the Digital Evidence Semantic Ontology (DESO). This provides an index to a repository of known digital evidence artefacts which are classified according to the location in which they are found and the information they represent. Further, this paper also demonstrates how DESO can be applied to criminal investigations to assist lines of enquiry.
Original language: English
Pages (from-to): 72-82
Journal: Digital Investigation
Volume: 15
Early online date: 3 Nov 2015
Publication status: Published - 3 Nov 2015

Keywords

  • Big data; Cyber forensics; Digital evidence; Ontology; Criminal investigation; Digital investigation; Artefacts
