Forensic data analysis

from Wikipedia, the free encyclopedia

Forensic data analysis (FDA) is a branch of computer forensics. It examines structured data after incidents of white-collar crime. The aim is to uncover or demonstrate and analyze the patterns of action. Data from application systems or from their underlying databases are referred to as structured data.

In contrast, unstructured data usually comes from communication or office applications or from mobile devices. These data do not have an overarching structure and are analyzed using computer forensics with regard to keywords or communication processes.

Procedure

The analysis of the mostly large amounts of data is typically done in a separate database system belonging to the analyst team. On the one hand, the original systems are usually not sized in such a way that extensive, individual analyses are possible without affecting regular users. On the other hand, it is methodologically preferable to analyze copies of the data on separate systems, which protects the analysis team from accusations of having altered the original data.

Analyzing large, structured databases with the aim of uncovering white-collar crime requires at least three different kinds of expertise in the analysis team: a data analyst who can handle the technical processing of the data and write the actual queries, a team member with precise knowledge of the processes and internal controls in the area of the company under examination, and a forensic scientist who knows patterns of behavior that are harmful to the company.

After an initial analysis using the methods of exploratory data analysis, the actual process of forensic data analysis usually takes place iteratively. First, a hypothesis is formed as to which pattern of action the perpetrator may have used to gain an advantage. Then the traces remaining in the system are searched for. Finally, the hypothesis is refined or rejected.

Linking different databases, especially data from different systems or sources, is particularly useful. These are usually not known to the perpetrator or cannot be influenced by him afterwards.
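The following added example (not part of the original article) walks through one hypothesis-and-search iteration on a separate analysis copy, linking extracts from two source systems. The table and column names, the shared-bank-account hypothesis and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

def normalize_iban(value):
    # Source systems format account numbers differently; compare a canonical form.
    return "".join(value.split()).upper()

def build_analysis_copy():
    """Load extracts from two source systems into a separate analysis database."""
    db = sqlite3.connect(":memory:")
    db.create_function("norm", 1, normalize_iban)
    db.executescript("""
        CREATE TABLE erp_vendors  (vendor_id TEXT, name TEXT, iban TEXT);
        CREATE TABLE erp_payments (vendor_id TEXT, amount REAL, approved_by TEXT);
        CREATE TABLE hr_employees (emp_id TEXT, name TEXT, iban TEXT);
    """)
    # Constructed sample rows (IBANs are fake), standing in for copied extracts.
    db.executemany("INSERT INTO erp_vendors VALUES (?,?,?)", [
        ("V100", "Acme Supplies", "DE00 1111 2222 3333 4444 00"),
        ("V200", "Nordwind GmbH", "de00999988887777666600"),
        ("V300", "Papier Kontor", "DE00555555555555555500")])
    db.executemany("INSERT INTO hr_employees VALUES (?,?,?)", [
        ("E7", "A. Example", "DE00 9999 8888 7777 6666 00"),
        ("E9", "B. Sample", "DE00 1234 0000 0000 0000 00")])
    db.executemany("INSERT INTO erp_payments VALUES (?,?,?)", [
        ("V100", 1200.0, "E9"), ("V200", 4800.0, "E7"), ("V200", 5100.0, "E7"),
        ("V200", 4950.0, "E3"), ("V300", 300.0, "E9")])
    return db

def find_shared_accounts(db):
    """Hypothesis: a vendor is paid into an account that belongs to an employee.
    Refinement: count how many of those payments the same employee approved."""
    return db.execute("""
        SELECT v.vendor_id, e.emp_id, COUNT(p.amount), SUM(p.amount),
               SUM(p.approved_by = e.emp_id)
        FROM erp_vendors v
        JOIN hr_employees e ON norm(v.iban) = norm(e.iban)
        LEFT JOIN erp_payments p ON p.vendor_id = v.vendor_id
        GROUP BY v.vendor_id, e.emp_id
        ORDER BY SUM(p.amount) DESC
    """).fetchall()

if __name__ == "__main__":
    for row in find_shared_accounts(build_analysis_copy()):
        print("vendor=%s employee=%s payments=%d total=%.2f self_approved=%d" % row)
```

An empty result rejects the hypothesis for this data set; a hit is a lead to be checked against the process and control knowledge in the team, not a finding in itself.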

Data visualization methods are often used to display the results.
