Skip to main content
SpringerLink
Log in

A granular approach for user-centric network analysis to identify digital evidence

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Recently, a tremendous advancement has been made in the field of network and communication. A usage of pervasive applications for machine-to-machine communication is increasing day by day. Digital forensic examiners are facing different type of problems. The most prominent problems among the research community are data overload, data modeling, data characterization and data presentation. This paper addresses these issues by analyzing a dataset of instant messages (IMs) over the period of 2 years and 4-months. Various patterns of interaction between target user and his/her buddies are analyzed through Social Network Analysis (SNA). The strength of relationship e.g. close, fair, temporary, etc. between each pair of users is determined by analyzing their social interaction ratio with respect to the chat frequency of overall network. The characterization of IMs is to identify the interaction between various actors from Social Network of Instant Messages (SNIM) and the prominence of certain actor within social network. Graphs and matrices are used to model and characterize the SNIM and suitable techniques are identified for computational analysis of SNIM. Centrality measures such as degree centrality, betweenness centrality and closeness centrality are taken to determine the connection of each actor with its neighbors and its influence within SNIM. ‘Vizster’ and ‘Prefuse’ are used for graphical representations and to analyze SNIM forensically. The effectiveness of ‘snowball method’ for forensic analysis of dataset graphically is also discussed. In the end the maximum number of immediate ties at step 1 of each vertex are considered to determine the most influential and significant vertices from the SNIM. Various relationship levels are defined on the basis of examiner-defined threshold to conclude the required results.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Notes

  1. http://faculty.ucr.edu/~hanneman/nettext/C1_Social_Network_Data.html

References

  1. WebWatcher. http://www.webwatchernow.com/Record-Instant-Messages.html

  2. Spector Pro. http://www.spectorsoft.com/products/SpectorPro_Windows/

  3. Chat Watch. http://download.cnet.com/Chat-Watch/3000-2150_4-27839.html

  4. Hui SC, Yulan H, Haichao D (2008) Text mining for chat message analysis. IEEE Conf Cybern Intell Syst

  5. Resig J, Ankur T (2004) A framework for mining instant messaging services. Workshop on Link Analysis, Counter-Terrorism & Privacy, SIAM DM

  6. Resig J, Dawara S, Homan CM, Teredesai A (2004) Extracting social networks from instant messaging populations. In: the Proceeding of the 7th ACM SIGKDD Workshop on Link KDD

  7. Jamali M, Abolhhassani H (2006) Different aspects of social network analysis. In the Proceedings of the 2006 I.E. WIC ACM Int. Conf. on Web Intelligence

  8. Resig J, Teredesai A (2004) A framework for mining instant messaging services. In: the Proceedings of the SIAM DM Conference

  9. Access Data, “Registry quick find chart”. http://accessdata.com/downloads/media/Registry%20Quick%20Find%20Chart%20%207-22-08.pdf

  10. Mike D (2006) An examination into MSN Messenger 7.5 contact identification. Digit Investig 3(2):79–83

    Article  MathSciNet  Google Scholar 

  11. Wouter SD (2007) Forensic artefacts left by Windows Live Messenger 8.0. Digit Investig 4(2):73–87

    Article  Google Scholar 

  12. Parsonage H (2008) The forensic recovery of instant messages from MSN messenger and Windows Live Messenger. http://computerforensics.parsonage.co.uk/downloads/MSNandLiveMessenger-ArtefactsOfConversations.pdf

  13. Yang Y et al (2010) Forensic analysis of popular Chinese internet applications. In: the Proceedings of IFIP Int. Conf. Digital Forensics, 285–295

  14. Watts DJ, Strogatz SH (1998) Collective dynamics of 'small-world' networks. Nature 393:440–442

    Article  Google Scholar 

  15. Barmpoutis D, Murray RM (2010) “Networks with the smallest average distance and the largest average clustering”, arXiv, q-bio. MN

  16. Wasserman S, Faust K (1994) Social network analysis. Cambridge University Press, Cambridge

    Book  Google Scholar 

  17. Scott J (2000) Social network analysis: a handbook, 2nd edn. Sage Publications, London

    Google Scholar 

  18. Zaphiris P, Pfeil U (2007) Introduction to social network analysis. In: the proceedings of the 21st BCS HCI Group Conference, Volume 2, 3–7 Sept

  19. Goos G, Hartmanis J et al (1973) Network analysis methodological foundations, Lecture Notes in Computer Science, Commenced Publication

  20. Strogatz SH (2001) Exploring complex networks. Nature (London) 410:268–276

    Article  Google Scholar 

  21. Krebs V (2002) Mapping networks of terrorist cells

  22. Fu D, Remolina E, Eilbert J (2003) A CBR approach to asymmetric plan detection. In: the Proceedings of Workshop on Link Analysis for Detecting Complex Behavior, Washington, DC

  23. Thilagam PS (2010) Applications of social network analysis. In: Handbook of social network technologies and applications, Springer, 637–649

  24. Jamali M, Abolhassani H (2006) Different aspects of social network analysis. In: the proceedings of IEEE/WIC/ACM conference on Web Intelligence

  25. Brandes U (2001) A faster algorithm for betweenness centrality. Journal of Mathematical Sociology 25:163–177

    Article  MATH  Google Scholar 

  26. Freeman LC (1978) Centrality in social networks: conceptual clarification. Soc Networks 1:215–239

    Article  Google Scholar 

  27. Opsahl T, Agneessens F, Skvoretz J (2010) Node centrality in weighted networks: generalizing degree and shortest paths. Soc Networks 32:245–251

    Article  Google Scholar 

  28. Wasserman S, Faust K (1994) Social network analysis: methods and applications. Cambridge University Press, New York

    Book  Google Scholar 

Download references

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education(grant number 2013R1A1A20598).

Author information

Authors and Affiliations

  1. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Yasin

  2. IT Service Delivery Department, Mobily, Riyadh, Saudi Arabia

    Junaid Ahmad Qureshi

  3. Department of Computer Science, Imam University, Riyadh, Saudi Arabia

    Firdous Kausar

  4. Department of Mathematics, Kookmin University, Seoul, South Korea

    Jongsung Kim

  5. National Security Research Institute (NSRI), P.O.Box 1, Yuseong, Daejeon, 305-600, South Korea

    Jungtaek Seo

Authors
  1. Muhammad Yasin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Junaid Ahmad Qureshi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Firdous Kausar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jongsung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jungtaek Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jongsung Kim.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Yasin, M., Qureshi, J.A., Kausar, F. et al. A granular approach for user-centric network analysis to identify digital evidence. Peer-to-Peer Netw. Appl. 8, 911–924 (2015). https://doi.org/10.1007/s12083-014-0250-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0250-x

Keywords

Search

Navigation