
Cyber Crime Investigations in the Era of Big Data

Andrii Shalaginov, Jan William Johnsen, Katrin Franke


2017 IEEE International Conference on Big Data (BIGDATA)
11-14 Dec. 2017

Electronic ISBN: 978-1-5386-2715-0


USB ISBN: 978-1-5386-2714-3
Print on Demand (PoD) ISBN: 978-1-5386-2716-7
Contents

1. What is the problem the authors are trying to solve?


2. What is the authors' approach or solution?
3. Why is it better than the other approaches or solutions?
4. How does it perform?
5. Why is this work important?
6. Review of the paper
1. What is the problem the authors are trying to solve?

Cyber crime includes not only malicious activities but also misuse of the
functions that Information and Communications Technology (ICT) systems were
originally designed for. Recent improvements in ICT and the Internet's
availability have boosted cyber criminals' ability to attack computer systems.
Cybercriminals can now affect many more victims than they could before, with
victims spread all over the globe. Cyber Crime Investigations (CCI) have seen
an increase in seized data size and in the complexity of the technologies used.
However, many of the investigative tools are designed only to facilitate manual
analysis such as keyword searches and data representation. As a result, current
methodological approaches cannot cope with the large-scale data collection in
today's cybercrime investigations. This results in investigations taking months
or years before bringing justice and stopping crime. There is a need for more
efficient models capable of describing phenomena in the data, to process it
and find evidence. Computer-based methods and modelling are thus slowly
becoming an inseparable part of criminal investigations. The paper therefore
gives insight into how Big Data analytics aids Cyber Crime Investigation, in
both investigation and prevention.
2. What is the authors' approach or solution?

Figure 1. The digital forensics process related to data processing and analysis

Big Data is a paradigm most often associated with increasing variety, volume,
velocity, veracity and value. Each of them brings different challenges to the
table. Volume and velocity are mostly handled by hardware and software
solutions capable of storing vast amounts of data and transferring it at high
speed. There is no easy solution for the variety and veracity of Big Data. This
implies a need for new and innovative solutions to analyse huge amounts of
data. To tackle this, the no free lunch theorem is put forth. It suggests that
the same method that finds the needle in one haystack does not necessarily work
for another haystack.

While the no free lunch theorem shows that we should not favour one method
over another, the ugly duckling theorem states that there is no "best" feature
representation the method can use. Trying to add more features to a model to
increase the statistical significance just leads to the curse of
dimensionality, a problem caused by the added volume in the feature space:
when more features are added, the volume of the space increases so fast that
the feature space becomes sparse.
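An added illustration of the sparsity claim above, not taken from the paper or from this review: with a fixed set of 2000 synthetic uniform samples (constructed data), it measures how much of a grid over the feature space is occupied and how far apart the nearest and farthest neighbours are as features are added. The function names, the 4 bins per feature and the sample size are assumptions chosen for the example.

```python
import math
import random


def occupancy(n_samples, n_features, bins=4, seed=7):
    """Fraction of the bins**n_features grid cells holding at least one sample."""
    rng = random.Random(seed)
    # Each constructed sample is uniform in [0, 1)^n_features; map it to its cell.
    cells = {
        tuple(int(rng.random() * bins) for _ in range(n_features))
        for _ in range(n_samples)
    }
    return len(cells) / bins ** n_features


def relative_contrast(n_samples, n_features, seed=7):
    """(farthest - nearest) / nearest distance from one query point to the samples.

    A large value means "nearest neighbour" is meaningful; a small value means
    every sample looks about equally far away, which weakens distance-based
    methods such as clustering or nearest-neighbour search.
    """
    rng = random.Random(seed)
    query = [rng.random() for _ in range(n_features)]
    dists = [
        math.dist(query, [rng.random() for _ in range(n_features)])
        for _ in range(n_samples)
    ]
    return (max(dists) - min(dists)) / min(dists)


def sweep(n_samples=2000, dims=(1, 2, 4, 8, 16)):
    """Same sample budget, growing feature count."""
    return [
        (d, occupancy(n_samples, d), relative_contrast(n_samples, d))
        for d in dims
    ]


if __name__ == "__main__":
    for d, occ, contrast in sweep():
        print(f"features={d:2d}  occupied cells={occ:10.6%}  contrast={contrast:10.2f}")
```

The sample count never changes, yet the occupied share of the space collapses and the distance contrast shrinks as features are added, which is why adding features to a forensic model calls for feature selection or far more data.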
Over the last few years, authors have been raising the importance of advanced
data analytics for Digital Forensics. Some authors have been developing new
tools to facilitate the DFP based on Big Data-oriented solutions such as NoSQL
storage for report generation. Finally, an improvement of the classical DFP
was presented, touching the specific data processing tasks shown in the figure.

Another suggestion was to rely on some of the sub-fields of data science:
machine learning, data mining and pattern recognition. What these sub-fields
have in common is the use of computer power to analyse vast amounts of data.
They give machines the ability to learn from data, just as a human expert
would learn, only at a much faster rate and on more data. While humans are
limited in how many fields they can be experts in, machines do not have the
same limitation. They can learn multiple interdisciplinary fields, with the
additional benefit of doing it faster than any human. This introduces the
concept of Computational Forensics, which is computer-based modelling for
forensic science. Computational methods provide tools to support forensic
investigators in their daily casework, provide a scientific basis and
ultimately represent human expert knowledge and reasoning.
3. Why is it better than the other approaches or solutions?

The term "computational" has been associated with several disciplines of
human expertise. Examples are computational vision, computational linguistics,
computational chemistry, computational advertising, etc. Analogously, a body of
knowledge and methods can be collectively defined as computational forensics.
Computer methods and algorithms enable the forensic practitioner to:

• reveal and improve trace evidence for further investigation,
• analyse and identify evidence in an objective and reproducible manner,
• assess the quality of an examination method,
• report and standardize investigative procedures,
• search large volumes of data efficiently,
• visualize and document the results of analysis,
• assist in the interpretation of results and their argumentation,
• reveal previously unknown patterns/links, to derive new rules and
  contribute to the generation of new knowledge.
4. How does it perform?

Computational methods find a place in the forensic sciences in three ways.
First, they provide tools for the human examiner to better analyse evidence by
overcoming limitations of human cognitive ability; thus they can support the
forensic examiner in his/her daily casework. Secondly, they can be used to
provide the scientific basis for a forensic discipline or procedure by
providing for the analysis of large volumes of data, which is not humanly
possible. Thirdly, they can ultimately be used to represent human expert
knowledge and for implementing recognition and reasoning abilities in machines.
While having a computer provide an opinion is a goal analogous to other grand
challenges of artificial intelligence, computers are unlikely to replace the
human examiner in the foreseeable future. On the other hand, it is more likely
that modern crime investigation will profit from the hybrid intelligence of
humans and machines.
5. Why is this work important?

Big Data is becoming a challenge to criminal forensic investigators when
dealing with cyber-enabled and cyber-dependent crimes. Traditional
investigative approaches and digital forensics tools become less efficient, as
they lose their capability to provide required results in a timely manner and
within resource constraints. One promising option for Cyber Crime
Investigations is to use computational forensics based on advanced data
analytics to prevent and combat cybercrime. Therefore, machine intelligence and
computer modelling should be an integral part of the investigations.
Computational forensics, as one of the solutions, brings fast and efficient
ways of analysing data to find tiny evidence in large and unstructured heaps of
data.
6. Review of the paper

Question: What is the main contribution of the paper? Is it an important
contribution? Why or why not?
Answer/Suggestion: The paper first introduces the traditional methods that
were used and goes on to suggest the method called computational forensics.
The contribution is important as it offers tools that support forensic
investigators in their daily casework and provide a scientific basis.

Question: What was the main insight in getting the result?
Answer/Suggestion: This method of advanced data analysis makes analysing data
more organised, allowing investigators to efficiently correlate data from
distinct crimes and crime scenes. This is also about looking for abnormalities
in sparse and highly-balanced data.

Question: Propose an extension to the paper which would be interesting to
consider. (You need not have any idea how to approach this extension.)
Answer/Suggestion: New innovative tools for computational forensics will
suffice.

Question: Suggest a question/problem arising from the paper.
Answer/Suggestion: Since there is no standard definition of an offense, does
it affect the analysis of data?

Question: What are the applications of this work? Are the underlying
assumptions appropriate for the applications?
Answer/Suggestion: Cyber crimes are increasing at a fast rate by the day. Some
criminals performing these harmful acts are usually inspired by other
criminals. Drawing a pattern or association with previous crimes could help
solve the current crimes faster and prevent them from causing any further
damage.
