{"id":9794,"date":"2020-01-08T11:15:55","date_gmt":"2020-01-08T17:15:55","guid":{"rendered":"https:\/\/forensicstats.org\/?p=9794"},"modified":"2022-10-28T13:49:28","modified_gmt":"2022-10-28T18:49:28","slug":"insights-quantifying-the-association-between-discrete-event-time-series-with-applications-to-digital-forensics","status":"publish","type":"post","link":"https:\/\/forensicstats.org\/blog\/2020\/01\/08\/insights-quantifying-the-association-between-discrete-event-time-series-with-applications-to-digital-forensics\/","title":{"rendered":"Insights: Quantifying the Association Between Discrete Event Time Series with Applications to Digital Forensics"},"content":{"rendered":"\t\t
Effects of Proficiency and Cross-examination<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Digital devices provide a new opportunity to examiners because for every user event \u2014 like opening software, browsing online, or sending an email \u2014 an event time series is created, logging that data. Yet, using this type of user-generated event data can be difficult to correlate between Christopher Galbraith Journal of the Royal Statistical Society<\/p> January 2020<\/p> IN 102 DIG<\/span><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Investigate suitable measures to quantify the association between two event series on digital devices.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t Determine the likelihood that the series were generated by the same source or by different sources \u2013\u2013 ultimately to assess the degree of association between the two event series.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Researchers explored a variety of measures for quantifying the association between two discrete event time series. They used multiple score functions to determine the similarity between the series. These score functions were discriminative for same- and different-source pairs of event series.<\/p> The following methods for assessing the strength of association for a given pair of event series proved most accurate:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t Constructing score-based likelihood ratios (SLRs)<\/strong> that assess the relative likelihood of observing a given degree of association when the series came from the same or different sources. This uses a population-based approach.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t Calculating coincidental match probabilities (CMPs)<\/strong> to simulate a different-source score distribution via what the research team refers to as sessionized resampling when working with a single pair of event series. When a sample from a relevant population is not available, this method still produces accurate results.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\tOVERVIEW<\/h2>
two devices for examiners. The research team set out to quantify the degree of association between two event time series both with and without population data<\/em>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\tLead Researchers<\/h6>
Padhraic Smyth
Hal S. Stern<\/p>Journal<\/h6>
Publication Date<\/h6>
Publication Number<\/h6>
The Goals<\/h2>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
1<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
2<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
APPROACH AND METHODOLOGY<\/h2>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
1<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
2<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t