Electronics and information technologies / Електроніка та інформаційні технології

Data mining for digital forensic analysis is focused on pattern extraction from large-scale data. These patterns are used to help analysts to solve crimes. One of the most promising applications of data mining algorithms is building recommendation systems. The goal of such systems is to propose future directions of the investigation. They are especially useful for investigation with large scale collections of forensic data.

In this paper I will depict one of possible architectures aiming to build recommender system for forensic data analysis.

This system consists of two subsystems: clues recommendation and suspects recommendation. They can be used together as well as independently.

The goal of the first subsystem is to make a list of clues based on previous investigations of other cases. First stage of clues recommendation algorithms is feature extraction. Feature extraction could be performed by NLP (Natural Language Processing) algorithms if we have text data or some other algorithms for analysis of images, videos and audios. Then for clues recommendation matrix decomposition LFA (Latent Factor Analysis) method is used. To make predictions also LFA is used. Recommendation is made by means of context filtering. The last stage is sorting of resulting data output of recommendation.

The goal of the second subsystem is to make a recommendation list of suspects. This is achieved through analysis of previous cases of the same type as current case. First stage of suspect recommendation algorithm is also feature extraction, which is performed the same way as in clues recommendation algorithm. Then KNN (K nearest neighbors) algorithms is used. Next stage is collaborative prediction. Same as in clues recommendation algorithm recommendation is made by means of context filtering. The last stage is sorting of resulting data and output of recommendation.

Such system should help investigators to save time which is very important at first stage of investigation.

Key words: forensic analysis, recommendation, collaborative filtering.