Skip to content

Analyzing User-Event Data Using Score- Based Likelihood Ratios with Marked Point Processes

Journal: Digital Investigation
Published: 2017
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth
Research Area: Digital

In this paper we investigate the application of score-based likelihood ratio techniques to the problem of detecting whether two time-stamped event streams were generated by the same source or by two different sources. We develop score functions for event data streams by building on ideas from the statistical modeling of marked point processes, focusing in particular on the coefficient of segregation and mingling index. The methodology is applied to a data set consisting of logs of computer activity over a 7-day period from 28 different individuals. Experimental results on known same-source and known different-source data sets indicate that the proposed scores have significant discriminative power in this context. The paper concludes with a discussion of the potential benefits and challenges that may arise from the application of statistical analysis to user-event data in digital forensics.

Related Resources

Forensic Analysis of Android Cloud SDKs

Forensic Analysis of Android Cloud SDKs

This presentation is from the 76th Annual Conference of the American Academy of Forensic Sciences (AAFS), Denver, Colorado, February 19-24, 2024.
The Impact of Multi-Camera Smart Phones on Source Camera Identification

The Impact of Multi-Camera Smart Phones on Source Camera Identification

An investigator has a questioned image from an unknown source and wants to determine whether it came from a camera on a person of interest’s smartphone. This scenario is referred…
Likelihood ratios for changepoints in categorical event data with applications in digital forensics

Likelihood ratios for changepoints in categorical event data with applications in digital forensics

We investigate likelihood ratio models motivated by digital forensics problems involving time-stamped user-generated event data from a device or account. Of specific interest are scenarios where the data may have…
Producing Datasets: Capturing Images on Multi-Camera Smartphones for Source Camera Identification

Producing Datasets: Capturing Images on Multi-Camera Smartphones for Source Camera Identification

This poster introduces the new CSAFE Multi-camera Smartphone Image Database and describes how the image were collected and reviewed.