Skip to content

Analyzing User-Event Data Using Score- Based Likelihood Ratios with Marked Point Processes

Journal: Digital Investigation
Published: 2017
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth
Research Area: Digital

In this paper we investigate the application of score-based likelihood ratio techniques to the problem of detecting whether two time-stamped event streams were generated by the same source or by two different sources. We develop score functions for event data streams by building on ideas from the statistical modeling of marked point processes, focusing in particular on the coefficient of segregation and mingling index. The methodology is applied to a data set consisting of logs of computer activity over a 7-day period from 28 different individuals. Experimental results on known same-source and known different-source data sets indicate that the proposed scores have significant discriminative power in this context. The paper concludes with a discussion of the potential benefits and challenges that may arise from the application of statistical analysis to user-event data in digital forensics.

Related Resources

Likelihood ratios for categorical count data with applications in digital forensics

Likelihood ratios for categorical count data with applications in digital forensics

We consider the forensic context in which the goal is to assess whether two sets of observed data came from the same source or from different sources. In particular, we…
CSAFE Project Update & ASCLD FRC Collaboration

CSAFE Project Update & ASCLD FRC Collaboration

This presentation highlighted CSAFE’s collaboration with the ASCLD FRC Collaboration Hub.
Forensic Analysis on Android Social Networking Applications

Forensic Analysis on Android Social Networking Applications

This presentation is from the 75th Anniversary Conference of the American Academy of Forensic Sciences, Orlando, Florida, February 13-18, 2023. Posted with permission of CSAFE.
Source Camera Identification on Multi-Camera Phones

Source Camera Identification on Multi-Camera Phones

Camera identification addresses the scenario where an investigator has a questioned digital image from an unknown camera. The investigator wants to know whether the questioned image was taken by a…