Detection of Crime Patterns in Digital Forensic Investigation to Trace the Adversaries

Muhammad ilyas
Journal: Lahore Garrison University Research Journal of Computer Science and Information Technology
Publication date: 2021-06-21
Publication type: Journal Article
DOI: https://doi.org/10.54692/lgurjcsit.2021.0502205

Abstract

The use of the internet has increased significantly over the past couple of years. Access to the internet has become so common that even a person without computer knowledge can use it easily. This ease of availability has brought many benefits to society, but misuse of the internet for personal or corporate gain is also increasing. Digital forensic science has emerged to prosecute cybercriminals and to place lawful checks on everyone's digital activities. In this context, we developed a new framework that improves the digital forensic investigation process. This research paper proposes a method for identifying illegal activities and tracing the adversaries. We capture TCP (Transmission Control Protocol) packets from servers and workstations. The data collected from the TCP log is stored in a database and preprocessed to eliminate redundant data. The database also contains past data. The proposed framework has three major processes: collection of TCP packets, storing and preprocessing of the collected data in a database, and mining of patterns through a digital forensic anomaly collection algorithm. To evaluate the proposed framework, we developed a Java-based application. The results are shown in the form of reports and tables.