Forensic investigation method and tool based on the user behaviour analysis

Namheun Son, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

2 Citations (Scopus)


Today, people use a variety of digital devices, and the events that take place on them are stored in specific forms, most of which include data indicating when each event took place. Many methods have been researched and developed to analyse these events, but most of them also analyse event data that is unnecessary for a forensic investigation. As a result, investigators must carry out additional work to select the data needed for an actual investigation, which makes the analysis more difficult and longer. Moreover, as the capacity of storage media grows and events become more diverse, this problem appears to be gradually worsening. This paper therefore proposes a timeline-based method for checking users' behaviour patterns at a glance by analysing, interpreting and visualizing various user behaviour-based events in a short time, making use of the time information that exists in digital devices. The range of analysis is also widened, since investigators can analyse events from the computer and the smartphone, the most used of all digital devices, rather than from a single system.

Original language: English
Title of host publication: Proceedings of the 9th Australian Digital Forensics Conference
Number of pages: 9
Publication status: Published - 2011
Event: 9th Australian Digital Forensics Conference - Perth, WA, Australia
Duration: 2011 Dec 5 to 2011 Dec 7

Publication series

Name: Proceedings of the 9th Australian Digital Forensics Conference


Other: 9th Australian Digital Forensics Conference
City: Perth, WA


Keywords

  • Event based
  • Smartphone Forensics
  • Timeline-based
  • User Behaviour
  • Visualization

ASJC Scopus subject areas

  • Information Systems

