Skip to content

Analyzing User-Event Data Using Score- Based Likelihood Ratios with Marked Point Processes

Journal: Digital Investigation
Published: 2017
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth
Research Area: Digital

In this paper we investigate the application of score-based likelihood ratio techniques to the problem of detecting whether two time-stamped event streams were generated by the same source or by two different sources. We develop score functions for event data streams by building on ideas from the statistical modeling of marked point processes, focusing in particular on the coefficient of segregation and mingling index. The methodology is applied to a data set consisting of logs of computer activity over a 7-day period from 28 different individuals. Experimental results on known same-source and known different-source data sets indicate that the proposed scores have significant discriminative power in this context. The paper concludes with a discussion of the potential benefits and challenges that may arise from the application of statistical analysis to user-event data in digital forensics.

Related Resources

Statistical Methods for the Forensic Analysis of User-Event Data

Statistical Methods for the Forensic Analysis of User-Event Data

A common question in forensic analysis is whether two observed data sets originate from the same source or from different sources. Statistical approaches to addressing this question have been widely…
Statistical Methods for the Forensic Analysis of Geolocated Event Data

Statistical Methods for the Forensic Analysis of Geolocated Event Data

A common question in forensic analysis is whether two observed data sets originated from the same source or from different sources. Statistical approaches to addressing this question have been widely…
Statistical models to predict exposure settings using two different iPhone camera apps

Statistical models to predict exposure settings using two different iPhone camera apps

The StegoAppDB [Newman, J. (2019)] is a digital image database containing camera data from Android and iPhone mobile phones and developed for forensic purposes. Taken with a custom-designed camera app…
Statistical methods for digital image forensics: Algorithm mismatch for blind spatial steganalysis and score-based likelihood ratios for camera device identification

Statistical methods for digital image forensics: Algorithm mismatch for blind spatial steganalysis and score-based likelihood ratios for camera device identification

Forensic science currently faces a variety of challenges. Statistically suitable reference databases need to be developed and maintained. Subjective methods that can introduce bias need to be replaced by objective…