Abstract

Computer forensics is the preservation, analysis, and interpretation of computer data. Computer forensics is dependent on the availability of software tools and applications. Such tools are critical components in law enforcement investigations. Due to the diversity of cyber crime and cyber assisted crime, advanced software tools are essential apparatus for typical law enforcement investigators, national security analysts, corporate emergency response teams, civil lawyers, risk management personnel, etc.

Typical tools available to investigators are text-based, which are sorely inadequate given the volume of data needing analysis in today’s environment. Many modern tools essentially provide simple GUIs to simplify access to typical text-based commands, but the capabilities are essentially the same. For simplicity we continue to refer to these as text-based and command-based in contrast to the visualization tools and associated direct manipulation interfaces we are attempting to develop. The reading of such large volumes of textual information is extremely time-consuming in contrast with the interpretation of images through which the user can interpret large amounts of information simultaneously. Forensic analysts have a growing need for new capabilities to aid in locating files holding evidence of criminal activity. Such capabilities must improve both the efficiency of the analysis process and the identification of additionally hidden files.

This paper discusses visualization research that more perceptually and intuitively represents file characteristics. Additionally, we integrate interaction capabilities for more complete exploration, significantly improving analysis efficiency. Finally, we discuss the results of an applied user study designed specifically to measure the efficacy of the developed visualization capabilities in the analysis of computer forensic related data.
