Mining criminal networks from unstructured text documents

Rabeah Al-Zaidy; Benjamin C.M. Fung; Amr M. Youssef; Francis Fortin

doi:10.1016/j.diin.2011.12.001

Mining criminal networks from unstructured text documents

Rabeah Al-Zaidy
, Benjamin C.M. Fung^*
, Amr M. Youssef
, Francis Fortin

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

49 Scopus citations

Abstract

Digital data collected for forensics analysis often contain valuable information about the suspects' social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and error-prone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect's machine, extract useful information for investigation, and then visualize the suspect's criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrimine case and some other datasets. The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.

Original language	English
Pages (from-to)	147-160
Number of pages	14
Journal	Digital Investigation
Volume	8
Issue number	3-4
DOIs	https://doi.org/10.1016/j.diin.2011.12.001
State	Published - Feb 2012
Externally published	Yes

Bibliographical note

Funding Information:
The authors would like to thank the anonymous reviewers for their constructive comments that greatly helped improve this paper. The research is supported in part by research grants from Le Fonds québécois de la recherche sur la nature et les technologies (FQRNT) new researchers start-up program, Concordia ENCS seed funding program , and the National Cyber-Forensics and Training Alliance Canada (NCFTA Canada).

Keywords

Criminal network
Data mining
Forensic analysis
Hypothesis generation
Information retrieval

ASJC Scopus subject areas

Pathology and Forensic Medicine
Information Systems
Computer Science Applications
Medical Laboratory Technology
Law

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1016/j.diin.2011.12.001

Cite this

@article{4536eb7dfcab4ae6887f2aa637ec58c3,

title = "Mining criminal networks from unstructured text documents",

abstract = "Digital data collected for forensics analysis often contain valuable information about the suspects' social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and error-prone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect's machine, extract useful information for investigation, and then visualize the suspect's criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrimine case and some other datasets. The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.",

keywords = "Criminal network, Data mining, Forensic analysis, Hypothesis generation, Information retrieval",

author = "Rabeah Al-Zaidy and Fung, \{Benjamin C.M.\} and Youssef, \{Amr M.\} and Francis Fortin",

note = "Funding Information: The authors would like to thank the anonymous reviewers for their constructive comments that greatly helped improve this paper. The research is supported in part by research grants from Le Fonds qu{\'e}b{\'e}cois de la recherche sur la nature et les technologies (FQRNT) new researchers start-up program, Concordia ENCS seed funding program , and the National Cyber-Forensics and Training Alliance Canada (NCFTA Canada).",

year = "2012",

month = feb,

doi = "10.1016/j.diin.2011.12.001",

language = "English",

volume = "8",

pages = "147--160",

journal = "Digital Investigation",

issn = "1742-2876",

publisher = "Elsevier Ltd.",

number = "3-4",

}

TY - JOUR

T1 - Mining criminal networks from unstructured text documents

AU - Al-Zaidy, Rabeah

AU - Fung, Benjamin C.M.

AU - Youssef, Amr M.

AU - Fortin, Francis

N1 - Funding Information: The authors would like to thank the anonymous reviewers for their constructive comments that greatly helped improve this paper. The research is supported in part by research grants from Le Fonds québécois de la recherche sur la nature et les technologies (FQRNT) new researchers start-up program, Concordia ENCS seed funding program , and the National Cyber-Forensics and Training Alliance Canada (NCFTA Canada).

PY - 2012/2

Y1 - 2012/2

N2 - Digital data collected for forensics analysis often contain valuable information about the suspects' social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and error-prone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect's machine, extract useful information for investigation, and then visualize the suspect's criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrimine case and some other datasets. The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.

AB - Digital data collected for forensics analysis often contain valuable information about the suspects' social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and error-prone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect's machine, extract useful information for investigation, and then visualize the suspect's criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrimine case and some other datasets. The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.

KW - Criminal network

KW - Data mining

KW - Forensic analysis

KW - Hypothesis generation

KW - Information retrieval

UR - https://www.scopus.com/pages/publications/84857920578

U2 - 10.1016/j.diin.2011.12.001

DO - 10.1016/j.diin.2011.12.001

M3 - Article

AN - SCOPUS:84857920578

SN - 1742-2876

VL - 8

SP - 147

EP - 160

JO - Digital Investigation

JF - Digital Investigation

IS - 3-4

ER -

Mining criminal networks from unstructured text documents

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Fingerprint

Cite this