•  
  •  
 

Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

Communication between people counts to the most important information of today’s business. As a result, in case of forensic investigations in big companies, analysis of communication data in general and especially email, as the still most widely used business communication platform with an immense and still growing volume, is a typical task in digital forensics. One of the challenges is to identify the relevant communication partners and structures in the suspects surrounding as quickly as possible in order to react appropriately and identify further targets of evaluation. Due to the amount of emails in typical inboxes, reading through all the mails renders impractical. Therefor, forensic investigators need tools that support them in quickly receiving an impression of a suspect’s email communication, identifying the relevant communication partners, and realizing communication patterns in single or even multiple email accounts. We introduce an open source forensic email analysis tool that provides exactly by means of a responsive and interactive graph visualization of email data supported by statistical information.

References

Abbasi, A., & Chen, H. (2008). Writeprints: A stylometric approach to identity-level identification and similarity detection in cyberspace.
ACM Transactions on Information Systems (TOIS), 26 (2), 7.

Bostock, M. (2011). D3 – Data-Driven-Documents.
Retrieved 2016-05-18, from http://d3js.org/

Eijkhoudt, A., & Suerink, T. (2013). Uforia: Universal forensic indexer and analyzer.
Journal of Computer Virology and Hacking Techniques, 9 (2), 59–63.

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years.
digital investigation, 7 , S64–S73.

Hadjidj, R., Debbabi, M., Lounis, H., Iqbal, F., Szporer, A., & Benredjem, D. (2009). Towards an integrated e-mail forensi analysis framework.
digital investigation, 5 (3), 124–137.

Iqbal, F., Hadjidj, R., Fung, B. C., & Debbabi, M. (2008). A novel approach of mining write-prints for authorship attribution in e-mail forensics.
digital investigation, 5 , S42–S51.

Klimt, B., & Yang, Y. (2004). Introducing the enron corpus
In Ceas.

Li, W.-J., Hershkop, S., & Stolfo, S. J. (2004). Email archive analysis through graphical visualization.
In Proceedings of the 2004 acm workshop on visualization and data mining for computer security (pp. 128–132).

Meng, F., Wu, S., Yang, J., & Yu, G. (2009). Research of an e-mail forensic and analysis system based on visualization.
In Computational intelligence and industrial applications, 2009. paciia 2009. asia-pacific conference on (Vol. 1, pp. 281–284).

Metz, J. (2014). libpff library.
Retrieved 2016-11-09, from https://github.com/libyal/libpff

Radicati, S. (2014). Email statistics report, 2014-2018.
the radicati group. Inc., London.

DOI

https://doi.org/10.15394/jdfsl.2017.1413

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.