Improving performance of forensics investigation with parallel coordinates visual analytics

Wang, WB; Huang, ML; Lu, LF; Zhang, J

Improving performance of forensics investigation with parallel coordinates visual analytics

Wang, WB Huang, ML

Lu, LF Zhang, J

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings - 17th IEEE International Conference on Computational Science and Engineering, CSE 2014, Jointly with 13th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2014, 13th International Symposium on Pervasive Systems, Algorithms, and Networks, I-SPAN 2014 and 8th International Conference on Frontier of Computer Science and Technology, FCST 2014, 2015, pp. 1838 - 1843
Issue Date:: 2015-01-26

Closed Access

	Filename	Description	Size
	2014-FCST.pdf	Published version	946.2 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Wang, WB	en_US
dc.contributor.author	Huang, ML https://orcid.org/0000-0002-6896-6480	en_US
dc.contributor.author	Lu, LF	en_US
dc.contributor.author	Zhang, J https://orcid.org/0000-0001-6580-1683	en_US
dc.date.issued	2015-01-26	en_US
dc.identifier.citation	Proceedings - 17th IEEE International Conference on Computational Science and Engineering, CSE 2014, Jointly with 13th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2014, 13th International Symposium on Pervasive Systems, Algorithms, and Networks, I-SPAN 2014 and 8th International Conference on Frontier of Computer Science and Technology, FCST 2014, 2015, pp. 1838 - 1843	en_US
dc.identifier.isbn	9781479979813	en_US
dc.identifier.uri	http://hdl.handle.net/10453/35378
dc.description.abstract	© 2014 IEEE. Computer forensics investigators aim to analyse and present facts through the examination of digital evidences in short times. As the volume of suspicious data is becoming large, the difficulties of catching the digital evidence in a legally acceptable time are high. This paper proposes an effective method for reducing investigation time redundancy to achieve the normalization of data on hard disk drives (HDD) for computer forensics. We use visualization techniques, parallel coordinates, to analyse data instead of using data analysis algorithms only, and also choose a Red-Black tree structure to de-duplicate data. It reduces the time complexity, including the time spent of searching data, adding data as well as deleting data. We show the advantages of our approach; moreover, we demonstrate how this method can enhance the efficiency and quality of computer forensics task.	en_US
dc.relation.ispartof	Proceedings - 17th IEEE International Conference on Computational Science and Engineering, CSE 2014, Jointly with 13th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2014, 13th International Symposium on Pervasive Systems, Algorithms, and Networks, I-SPAN 2014 and 8th International Conference on Frontier of Computer Science and Technology, FCST 2014	en_US
dc.relation.isbasedon	10.1109/CSE.2014.337	en_US
dc.title	Improving performance of forensics investigation with parallel coordinates visual analytics	en_US
dc.type	Conference Proceeding
utslib.for	080605 Decision Support and Group Support Systems	en_US
utslib.for	080499 Data Format not elsewhere classified	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/DVC (Research)
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	/University of Technology Sydney/Strength - INEXT - Innovation in IT Services and Applications
pubs.organisational-group	/University of Technology Sydney/Students
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US

Abstract:

© 2014 IEEE. Computer forensics investigators aim to analyse and present facts through the examination of digital evidences in short times. As the volume of suspicious data is becoming large, the difficulties of catching the digital evidence in a legally acceptable time are high. This paper proposes an effective method for reducing investigation time redundancy to achieve the normalization of data on hard disk drives (HDD) for computer forensics. We use visualization techniques, parallel coordinates, to analyse data instead of using data analysis algorithms only, and also choose a Red-Black tree structure to de-duplicate data. It reduces the time complexity, including the time spent of searching data, adding data as well as deleting data. We show the advantages of our approach; moreover, we demonstrate how this method can enhance the efficiency and quality of computer forensics task.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/35378