Measuring the Relevance of Evidence Sources in Digital Forensics Investigations (ISTI Grants for Young Mobility seminar series)

Day - Time: 23 November 2016, h.10:30
Place: Area della Ricerca CNR di Pisa - Room: C-29

Andrea Esuli


In forensics investigations, several digital sources exist that can be used to provide evidence for a crime case, from CCTVs to NFC readers, and from network routers to PC hard-disks. Inspecting all the potential sources that might be relevant to the crime can be time consuming. Moreover, different sources might provide similar case-relevant information, whilst requiring different costs of inspection, both in terms of time, and in terms of resources to be involved in the inspection. Means are therefore required to prioritise the evidence sources based on their relevance and cost. The seminar will present the research currently performed towards the solution of this problem. In particular, we will outline the different concepts of relevance available in the literature, and we will describe the notion of evidential relevance applied to digital forensics investigations. In addition we will discuss the ongoing work concerning the usage of Bayesian Network to estimate the relevance of evidence sources during forensics investigations, and potential directions to combine relevance and cost estimates.