The Association of Digital Forensics, Security and Law (ADFSL)


This research uses two recently introduced observer rating scales, (Shaw et al., 2013) for the identification and measurement of negative sentiment (the Scale for Negativity in Text or SNIT) and insider risk (Scale of Indicators of Risk in Digital Communication or SIRDC) in communications to test the performance of psycholinguistic software designed to detect indicators of these risk factors. The psycholinguistic software program, WarmTouch (WT), previously used for investigations, appeared to be an effective means for locating communications scored High or Medium in negative sentiment by the SNIT or High in insider risk by the SIRDC within a randomly selected sample from the Enron archive. WT proved less effective in locating emails Low in negative sentiment on the SNIT and Low in insider risk on the SIRDC. However, WT performed extremely well in identifying communications from actual insiders randomly selected from case files and inserted in this email sample. In addition, it appeared that WT’s measure of perceived Victimization was a significant supplement to using negative sentiment alone, when it came to searching for actual insiders. Previous findings ( Shaw et al., 2013) indicate that this relative weakness in identifying low levels of negative sentiment may not impair WT’s usefulness for identifying communications containing significant indications of insider risk because of the very low base rate and low severity of insider risk at Low levels of negative sentiment (Shaw et al., 2013). Although many of the “false positives” acquired in the successful search for actual insiders in this experiment were shown to be true positives for other forms of insider risk, WT still produced fairly high rates of false positives that could burden analysts, as described by the search times provided. As further research and development proceeds to address this problem, we again recommend the use of WT in an integrated multi-disciplinary array of detection methods that will serve as an initial screen to narrow the search for individuals at-risk for insider activities. The implications for insider threat research, detection and prevention are discussed.


Hermann, M.G. (1980). Explaining foreign policy behavior using the personal characteristics of political leaders. International Studies Quarterly, 24: 7-46.

O’Brien, T. (2005). The rise of digital thugs. New York Times, August 7, 2005, Business section, p. 1.

Shaw, E. D., Payri, M., Cohn, M., and Shaw, I. R. (2013). How often is employee anger an insider risk I? Detecting and measuring negative sentiment versus insider risk in digital communications. Journal of Digital Forensics, Security and Law, 8(1): 39-71.

Shaw, E. D. (2006). The role of behavioral research and profiling in malicious cyber insider investigations. The International Journal of Digital Forensics and Incident Response, 3: 20-31.

Shaw, E. D., and Stock, H. (2011). Behavioral risk indicators of malicious insider theft of intellectual property: Misreading the writing on the wall. Symantec Corporation, White Paper. Retrieved from http://investor.symantec.com/phoenix.zhtml?c=89422&p=irol-newsArticle on December 7, 2011.

Shaw, E. D., and Stroz, E. (2004). WarmTouch software: Assessing friend, foe and, relationship. In T. Parker (Ed), Cyber adversary characterization: Auditing the hacker mind. Maryland Heights, MO: Syngress Publications.

Shaw, E. D., and Wirth-Beaumont, E. (2004). WarmTouch codebook and algorithms. Shaw Stroz LLC.

Shaw, E. D. (2003). Saddam Hussein: Political psychological profiling results relevant to his possession, use and possible transfer of weapons of mass destruction (WMD) to terrorist groups. Studies in Conflict and Terrorism, 26: 347-364.

Weintraub, W. (1986). Personality profiles of American presidents as revealed in their public statements: The presidential news conferences of Jimmy Carter and Ronald Reagan. Political Psychology, 7: 285-295.

Weintraub, W. (1989). Verbal Behavior in Everyday Life. Springer.

Winter, D. G, Hermann, M. G, Weintraub W, and Walker, S. G. (1991). The personalities of Bush and Gorbachev measured at a distance: Procedures, portraits and policy. Political Psychology, 2: 215-245.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.