Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling
- Autores
- Gómez, Leopoldo Sebastián M.
- Año de publicación
- 2012
- Idioma
- inglés
- Tipo de recurso
- documento de conferencia
- Estado
- versión publicada
- Descripción
- Since it exist a huge backlog of cases and few digital forensic specialists in the Justice System, usually there is not possible to move them to contribute directly into the digital crime scene. On the other side, the law enforcement has a lack of skilled forensic staff available to perform forensic triage. Moreover, the reviews on the fly are taking significant time delays, under pressure, technical restrictions and time framed. At this point, when a suspect target system and data are found, it leads to be seized and moved to a dedicated forensic laboratory where the expert can perform the analysis of their content. Under some circumstances, all that may be required is to quickly and efficiently review a number of target systems to establish if they are likely to contain material of interest to an investigation. However, when the digital evidence comes to the specialist, he has a little knowledge of the previous stage, and it is difficult to make decisions about the priorities or activities on the sized devices. Such reviews are often referred to as "forensic triage" reviews and must be performed using forensically acceptable methods in order that any evidence that is identified during the forensic triage process is not damaged, modified or contaminated, literally or from a legal perspective, by the process of acquiring and reviewing the evidence. We have developed a novel triage tool, which tries to catch a criminal profile with an automated predictive classifier focused on child pornography and intellectual property theft. This software detects few critical attributes into the digital evidence and they are compared with other vectors of characteristics extracted from a digital data corpus based on devices of past cases. As a result of this automated process, a criminal profile prediction is done. This tool will assist to computer forensic experts, in order to make decisions about priorities to make full analysis of suspect devices or discard them with low probabilities of losing digital evidence. Our approach should be useful to mitigate the backlog of computer forensics laboratories.
Sociedad Argentina de Informática e Investigación Operativa - Materia
-
Ciencias Informáticas
Triage
Digital profiling
Prioritization
Case backlog reduction - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- http://creativecommons.org/licenses/by-nc-sa/4.0/
- Repositorio
.jpg)
- Institución
- Universidad Nacional de La Plata
- OAI Identificador
- oai:sedici.unlp.edu.ar:10915/124455
Ver los metadatos del registro completo
| id |
SEDICI_3a3c2c9c5cfb5f59f9beb1e0fdcde137 |
|---|---|
| oai_identifier_str |
oai:sedici.unlp.edu.ar:10915/124455 |
| network_acronym_str |
SEDICI |
| repository_id_str |
1329 |
| network_name_str |
SEDICI (UNLP) |
| spelling |
Triage in-Lab : Case Backlog Reduction with Forensic Digital ProfilingGómez, Leopoldo Sebastián M.Ciencias InformáticasTriageDigital profilingPrioritizationCase backlog reductionSince it exist a huge backlog of cases and few digital forensic specialists in the Justice System, usually there is not possible to move them to contribute directly into the digital crime scene. On the other side, the law enforcement has a lack of skilled forensic staff available to perform forensic triage. Moreover, the reviews on the fly are taking significant time delays, under pressure, technical restrictions and time framed. At this point, when a suspect target system and data are found, it leads to be seized and moved to a dedicated forensic laboratory where the expert can perform the analysis of their content. Under some circumstances, all that may be required is to quickly and efficiently review a number of target systems to establish if they are likely to contain material of interest to an investigation. However, when the digital evidence comes to the specialist, he has a little knowledge of the previous stage, and it is difficult to make decisions about the priorities or activities on the sized devices. Such reviews are often referred to as "forensic triage" reviews and must be performed using forensically acceptable methods in order that any evidence that is identified during the forensic triage process is not damaged, modified or contaminated, literally or from a legal perspective, by the process of acquiring and reviewing the evidence. We have developed a novel triage tool, which tries to catch a criminal profile with an automated predictive classifier focused on child pornography and intellectual property theft. This software detects few critical attributes into the digital evidence and they are compared with other vectors of characteristics extracted from a digital data corpus based on devices of past cases. As a result of this automated process, a criminal profile prediction is done. This tool will assist to computer forensic experts, in order to make decisions about priorities to make full analysis of suspect devices or discard them with low probabilities of losing digital evidence. Our approach should be useful to mitigate the backlog of computer forensics laboratories.Sociedad Argentina de Informática e Investigación Operativa2012-08info:eu-repo/semantics/conferenceObjectinfo:eu-repo/semantics/publishedVersionObjeto de conferenciahttp://purl.org/coar/resource_type/c_5794info:ar-repo/semantics/documentoDeConferenciaapplication/pdf217-225http://sedici.unlp.edu.ar/handle/10915/124455enginfo:eu-repo/semantics/altIdentifier/url/https://41jaiio.sadio.org.ar/sites/default/files/17_SID_2012.pdfinfo:eu-repo/semantics/altIdentifier/issn/1850-2814info:eu-repo/semantics/openAccesshttp://creativecommons.org/licenses/by-nc-sa/4.0/Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)reponame:SEDICI (UNLP)instname:Universidad Nacional de La Platainstacron:UNLP2025-10-15T11:21:51Zoai:sedici.unlp.edu.ar:10915/124455Institucionalhttp://sedici.unlp.edu.ar/Universidad públicaNo correspondehttp://sedici.unlp.edu.ar/oai/snrdalira@sedici.unlp.edu.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:13292025-10-15 11:21:51.764SEDICI (UNLP) - Universidad Nacional de La Platafalse |
| dc.title.none.fl_str_mv |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| title |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| spellingShingle |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling Gómez, Leopoldo Sebastián M. Ciencias Informáticas Triage Digital profiling Prioritization Case backlog reduction |
| title_short |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| title_full |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| title_fullStr |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| title_full_unstemmed |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| title_sort |
Triage in-Lab : Case Backlog Reduction with Forensic Digital Profiling |
| dc.creator.none.fl_str_mv |
Gómez, Leopoldo Sebastián M. |
| author |
Gómez, Leopoldo Sebastián M. |
| author_facet |
Gómez, Leopoldo Sebastián M. |
| author_role |
author |
| dc.subject.none.fl_str_mv |
Ciencias Informáticas Triage Digital profiling Prioritization Case backlog reduction |
| topic |
Ciencias Informáticas Triage Digital profiling Prioritization Case backlog reduction |
| dc.description.none.fl_txt_mv |
Since it exist a huge backlog of cases and few digital forensic specialists in the Justice System, usually there is not possible to move them to contribute directly into the digital crime scene. On the other side, the law enforcement has a lack of skilled forensic staff available to perform forensic triage. Moreover, the reviews on the fly are taking significant time delays, under pressure, technical restrictions and time framed. At this point, when a suspect target system and data are found, it leads to be seized and moved to a dedicated forensic laboratory where the expert can perform the analysis of their content. Under some circumstances, all that may be required is to quickly and efficiently review a number of target systems to establish if they are likely to contain material of interest to an investigation. However, when the digital evidence comes to the specialist, he has a little knowledge of the previous stage, and it is difficult to make decisions about the priorities or activities on the sized devices. Such reviews are often referred to as "forensic triage" reviews and must be performed using forensically acceptable methods in order that any evidence that is identified during the forensic triage process is not damaged, modified or contaminated, literally or from a legal perspective, by the process of acquiring and reviewing the evidence. We have developed a novel triage tool, which tries to catch a criminal profile with an automated predictive classifier focused on child pornography and intellectual property theft. This software detects few critical attributes into the digital evidence and they are compared with other vectors of characteristics extracted from a digital data corpus based on devices of past cases. As a result of this automated process, a criminal profile prediction is done. This tool will assist to computer forensic experts, in order to make decisions about priorities to make full analysis of suspect devices or discard them with low probabilities of losing digital evidence. Our approach should be useful to mitigate the backlog of computer forensics laboratories. Sociedad Argentina de Informática e Investigación Operativa |
| description |
Since it exist a huge backlog of cases and few digital forensic specialists in the Justice System, usually there is not possible to move them to contribute directly into the digital crime scene. On the other side, the law enforcement has a lack of skilled forensic staff available to perform forensic triage. Moreover, the reviews on the fly are taking significant time delays, under pressure, technical restrictions and time framed. At this point, when a suspect target system and data are found, it leads to be seized and moved to a dedicated forensic laboratory where the expert can perform the analysis of their content. Under some circumstances, all that may be required is to quickly and efficiently review a number of target systems to establish if they are likely to contain material of interest to an investigation. However, when the digital evidence comes to the specialist, he has a little knowledge of the previous stage, and it is difficult to make decisions about the priorities or activities on the sized devices. Such reviews are often referred to as "forensic triage" reviews and must be performed using forensically acceptable methods in order that any evidence that is identified during the forensic triage process is not damaged, modified or contaminated, literally or from a legal perspective, by the process of acquiring and reviewing the evidence. We have developed a novel triage tool, which tries to catch a criminal profile with an automated predictive classifier focused on child pornography and intellectual property theft. This software detects few critical attributes into the digital evidence and they are compared with other vectors of characteristics extracted from a digital data corpus based on devices of past cases. As a result of this automated process, a criminal profile prediction is done. This tool will assist to computer forensic experts, in order to make decisions about priorities to make full analysis of suspect devices or discard them with low probabilities of losing digital evidence. Our approach should be useful to mitigate the backlog of computer forensics laboratories. |
| publishDate |
2012 |
| dc.date.none.fl_str_mv |
2012-08 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/conferenceObject info:eu-repo/semantics/publishedVersion Objeto de conferencia http://purl.org/coar/resource_type/c_5794 info:ar-repo/semantics/documentoDeConferencia |
| format |
conferenceObject |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
http://sedici.unlp.edu.ar/handle/10915/124455 |
| url |
http://sedici.unlp.edu.ar/handle/10915/124455 |
| dc.language.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/https://41jaiio.sadio.org.ar/sites/default/files/17_SID_2012.pdf info:eu-repo/semantics/altIdentifier/issn/1850-2814 |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) |
| dc.format.none.fl_str_mv |
application/pdf 217-225 |
| dc.source.none.fl_str_mv |
reponame:SEDICI (UNLP) instname:Universidad Nacional de La Plata instacron:UNLP |
| reponame_str |
SEDICI (UNLP) |
| collection |
SEDICI (UNLP) |
| instname_str |
Universidad Nacional de La Plata |
| instacron_str |
UNLP |
| institution |
UNLP |
| repository.name.fl_str_mv |
SEDICI (UNLP) - Universidad Nacional de La Plata |
| repository.mail.fl_str_mv |
alira@sedici.unlp.edu.ar |
| _version_ |
1846064274853593089 |
| score |
13.22299 |