Abstract

Criminal network analysis tools are widely used by law enforcement, mainly in cases of organized crime. The data required for a majority of these tools are police records and databases. In many cases, forensically collected data contains valuable information about the suspect’s social network. This information is normally obtained by manual inspection of the collected documents using forensic tools’ queries and other basic search features. The information is then manually entered in the police database. There are no known tools that provide methods to automatically extract social networks from raw documents on behalf of the investigator add them to a knowledge base and then analyze them. In this thesis, we propose a method that is capable of performing these tasks. In our proposed system, we claim three distinct contributions to cyber forensics investigations. The first is by constructing the social network of one or multiple suspects from documents in a file system. Secondly, we provide an analysis of the interactions and structures of these social networks and the communities comprising them. Thirdly, potential evidence and leads are identified by extracting conceptual links between members of the social network across the document set.
Finally, the proposed method is implemented and experimental results are obtained to demonstrate the feasibility of the approach.