Journal article
A comparison of machine learning techniques for file system forensics analysis

Publication Details
Author list: Rami Mustafa A. Mohammad and Mohammed Alqahtani
Publisher: Elsevier
Publication year: 2019
Journal: Journal of Information Security and Applications
Volume number: 46
Issue number: June 2019
Start page: 53
End page: 61
Number of pages: 9
ISSN: 2214-2126
Web of Science ID: 000467422300005
Scopus ID: 85062418972
eISSN: 2214-2134

With the remarkable increase in computer crimes, particularly Internet-related crimes, digital forensics has become an urgent and timely issue to study. Normally, a digital forensics investigation aims to preserve any evidence in its most original form by identifying, collecting, and validating the digital information for the purpose of reconstructing past events. Most digital evidence is stored within the computer's file system. This research investigates and evaluates the applicability of several machine learning techniques in identifying incriminating evidence by tracing historical file system activities in order to determine how these files can be manipulated by different application programs. A dataset defined by a matrix/vector of features related to file system activity during a specific period of time has been collected. This dataset has been used to train several machine learning techniques. Overall, the considered machine learning techniques show good results when evaluated using a testing dataset containing unseen evidence. However, all algorithms encountered an essential obstacle that could be the main reason why the experimental results were less than expected: the overlaps among the file system activities.

Last updated on 2019-21-11 at 08:37