The Association of Digital Forensics, Security and Law (ADFSL)


This paper examines the problems faced by Law Enforcement in searching large quantities of electronic evidence. It examines the use of ontologies as the basis for new forensic software filters and provides a proof of concept tool based on an ontological design. It demonstrates that efficient searching is produced through the use of such a design and points to further work that might be carried out to extend this concept.


Anderson, M. (2001), “Hard Disk Drives – Bigger is not Better”, http://www.forensics-intl.com/art14.html, 14 April 2005.

Beckett, J. (2005), “Future Directions Framework”, State Electronic Evidence Branch, NSW Police, Sydney, Australia.

Berghel, H. (2003), “The Discipline of Internet Forensics”, Communications of the ACM, 46(8), 15-20.

Biskup, J. & Embly, D. W. (2003), “Extracting Information from Heterogeneous Information Sources Using Ontologically Specified Target Views”, Information Systems, 28(3), 169-212.

Ding, Y. & Foo, S. (2002), “Ontology Research and Development. Part I – A Review of Ontology Generation”, Journal of Information Science, 28(2), 123- 136.

Gruber, T. R. (1993), “A Transition Approach to Portable Ontology Specifications”, Knowledge Acquisition, 5(2), 199-220.

Gruenwald, L., McNutt, G. & Mercier, A. (2003), “Using An Ontology To Improve Search In A Terrorism Database System”, Proceedings. 14th International Workshop on Database and Expert Systems Applications,753- 757.

Hama, G. K. & Pollitt, M. M. (1996), “Data Reduction – Refining the Sieve”, Second International Organisation on Computer Evidence, http://www.digitalevidencepro.com/Resources/Sieve1.pdf, 17 April 2005.

Holsapple, C. & Joshi, K. D. (2002), “A Collaborative Approach to Ontology Design”, Communications of the ACM, 45(2), 42-47.

Lammari, N. & Métais, E. (2004), “Building and Maintaining Ontologies: A Set of Algorithms”, Data & Knowledge Engineering, 48(2), 155-176.

Mahalingam, K. & Huhns, M. N. (1997), “A Tool for Organising Web Information”, Computer, 30(6), 80-83.

Michaud, D. (2001), “Adventures in Computer Forensics”, http://www.sans.org/rr/whitepapers/incident/638.php, 15th April 2005.

McDaniel, M. & Heydari, M. (2002), “Content Based File Type Detection Algorithms”, 36th Hawaii International Conference on System Sciences.

McKemmish, R. (1999), “What is Forensic Computing?”, Australian Institute of Criminology, Paper 1-6, Canberra, Australia.

Mohay, G. (2005), “Technical Challenges and Directions for Digital Forensics”, Proceedings of SADFE 2005, Taipei, 7 November.

National Institute of Justice (2004), “Forensic Examination of Digital Evidence: A Guide for Law Enforcement”, U.S. Department of Justice, Washington.

Noblett, M., Pollitt, M., Presley, L. (2000), “Recovering and Examining Computer Forensic Evidence”, Forensic Science Communications, 2(4).

Noy, N. F. & McGuinness, D. L. (2001), “Ontology Development 101: A Guide to Creating Your First Ontology”, Stanford Knowledge Systems Laboratory, http://protege.stanford.edu/publications/ontology_development/ontology101- noy-mcguinness.html, 14th May 2005.

Slay, J & Jorgenson, K. (2005), “Forensics Computing for Field Investigation: Application of Filter Clusters to Reduce Search State Space”. Advances in Digital Forensics. Springer, Dortrecht, The Netherlands.

Souza, K. X. S., Santos, A. D., and Evangelista, S. R. M. 2003, “Visualisation of Ontologies Through Hypertrees”, ACM International Conference Proceeding Series, Vol 46, 251-255.

Stojanovic, N. (2005), “On the query refinement in the ontology -based searching for information”, Information Systems, 30(7), 543-563.

Zúñiga, G. L. 2001, “Ontology: its transformation from philosophy to information systems”, Proceedings of the international conference on Formal Ontology in Information Systems, 187-197.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.