Stream Clustering on a Forensic Timeline

Deka Julian Arrizki; Stefanus Albert Kosim; Hudan Studiawan

doi:10.1109/ISDFS60797.2024.10527350

Stream Clustering on a Forensic Timeline

Deka Julian Arrizki, Stefanus Albert Kosim, Hudan Studiawan

Institut Teknologi Sepuluh Nopember

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Digital forensics heavily relies on forensic timelines to maintain a chronological record of events and activities. With the exponential growth of digital activity, it is a significant challenge to efficiently categorize related events on these timelines. Inefficient memory utilization is the primary challenge, as forensic timelines contain large and complex data, causing the capability to process data incrementally. This paper introduces an innovative approach that employs stream clustering techniques for event segmentation and categorization within forensic timelines. It considers forensic timelines as dynamic data streams that adapt in real-time to incoming events. This approach optimizes the processing and grouping of emerging events by leveraging temporal patterns and evolving event contexts, unlike traditional clustering methods that require complete datasets. In this study, three-stream clustering algorithms were tested, and it was discovered that link clustering produced the lowest score in silhouette score and Davies-Bouldin Index with the highest score in Calinski-Harabasz Index compared to DenStream and BIRCH. This concluded that link clustering performs the best clustering among these three algorithms.

Original language	English
Title of host publication	12th International Symposium on Digital Forensics and Security, ISDFS 2024
Editors	Asaf Varol, Murat Karabatak, Cihan Varol, Eva Tuba
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798350330366
DOIs	https://doi.org/10.1109/ISDFS60797.2024.10527350
Publication status	Published - 2024
Event	12th International Symposium on Digital Forensics and Security, ISDFS 2024 - San Antonio, United States Duration: 29 Apr 2024 → 30 Apr 2024

Publication series

Name	12th International Symposium on Digital Forensics and Security, ISDFS 2024

Conference

Conference	12th International Symposium on Digital Forensics and Security, ISDFS 2024
Country/Territory	United States
City	San Antonio
Period	29/04/24 → 30/04/24

Keywords

forensic image
forensic timeline
stream clustering

Access to Document

10.1109/ISDFS60797.2024.10527350

Cite this

Arrizki, D. J., Kosim, S. A., & Studiawan, H. (2024). Stream Clustering on a Forensic Timeline. In A. Varol, M. Karabatak, C. Varol, & E. Tuba (Eds.), 12th International Symposium on Digital Forensics and Security, ISDFS 2024 (12th International Symposium on Digital Forensics and Security, ISDFS 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISDFS60797.2024.10527350

Arrizki, Deka Julian ; Kosim, Stefanus Albert ; Studiawan, Hudan. / Stream Clustering on a Forensic Timeline. 12th International Symposium on Digital Forensics and Security, ISDFS 2024. editor / Asaf Varol ; Murat Karabatak ; Cihan Varol ; Eva Tuba. Institute of Electrical and Electronics Engineers Inc., 2024. (12th International Symposium on Digital Forensics and Security, ISDFS 2024).

@inproceedings{460a763550c24a05bb87cbde0f91af84,

title = "Stream Clustering on a Forensic Timeline",

abstract = "Digital forensics heavily relies on forensic timelines to maintain a chronological record of events and activities. With the exponential growth of digital activity, it is a significant challenge to efficiently categorize related events on these timelines. Inefficient memory utilization is the primary challenge, as forensic timelines contain large and complex data, causing the capability to process data incrementally. This paper introduces an innovative approach that employs stream clustering techniques for event segmentation and categorization within forensic timelines. It considers forensic timelines as dynamic data streams that adapt in real-time to incoming events. This approach optimizes the processing and grouping of emerging events by leveraging temporal patterns and evolving event contexts, unlike traditional clustering methods that require complete datasets. In this study, three-stream clustering algorithms were tested, and it was discovered that link clustering produced the lowest score in silhouette score and Davies-Bouldin Index with the highest score in Calinski-Harabasz Index compared to DenStream and BIRCH. This concluded that link clustering performs the best clustering among these three algorithms.",

keywords = "forensic image, forensic timeline, stream clustering",

author = "Arrizki, {Deka Julian} and Kosim, {Stefanus Albert} and Hudan Studiawan",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 12th International Symposium on Digital Forensics and Security, ISDFS 2024 ; Conference date: 29-04-2024 Through 30-04-2024",

year = "2024",

doi = "10.1109/ISDFS60797.2024.10527350",

language = "English",

series = "12th International Symposium on Digital Forensics and Security, ISDFS 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Asaf Varol and Murat Karabatak and Cihan Varol and Eva Tuba",

booktitle = "12th International Symposium on Digital Forensics and Security, ISDFS 2024",

address = "United States",

}

Arrizki, DJ, Kosim, SA & Studiawan, H 2024, Stream Clustering on a Forensic Timeline. in A Varol, M Karabatak, C Varol & E Tuba (eds), 12th International Symposium on Digital Forensics and Security, ISDFS 2024. 12th International Symposium on Digital Forensics and Security, ISDFS 2024, Institute of Electrical and Electronics Engineers Inc., 12th International Symposium on Digital Forensics and Security, ISDFS 2024, San Antonio, United States, 29/04/24. https://doi.org/10.1109/ISDFS60797.2024.10527350

Stream Clustering on a Forensic Timeline. / Arrizki, Deka Julian; Kosim, Stefanus Albert; Studiawan, Hudan.
12th International Symposium on Digital Forensics and Security, ISDFS 2024. ed. / Asaf Varol; Murat Karabatak; Cihan Varol; Eva Tuba. Institute of Electrical and Electronics Engineers Inc., 2024. (12th International Symposium on Digital Forensics and Security, ISDFS 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Stream Clustering on a Forensic Timeline

AU - Arrizki, Deka Julian

AU - Kosim, Stefanus Albert

AU - Studiawan, Hudan

PY - 2024

Y1 - 2024

N2 - Digital forensics heavily relies on forensic timelines to maintain a chronological record of events and activities. With the exponential growth of digital activity, it is a significant challenge to efficiently categorize related events on these timelines. Inefficient memory utilization is the primary challenge, as forensic timelines contain large and complex data, causing the capability to process data incrementally. This paper introduces an innovative approach that employs stream clustering techniques for event segmentation and categorization within forensic timelines. It considers forensic timelines as dynamic data streams that adapt in real-time to incoming events. This approach optimizes the processing and grouping of emerging events by leveraging temporal patterns and evolving event contexts, unlike traditional clustering methods that require complete datasets. In this study, three-stream clustering algorithms were tested, and it was discovered that link clustering produced the lowest score in silhouette score and Davies-Bouldin Index with the highest score in Calinski-Harabasz Index compared to DenStream and BIRCH. This concluded that link clustering performs the best clustering among these three algorithms.

AB - Digital forensics heavily relies on forensic timelines to maintain a chronological record of events and activities. With the exponential growth of digital activity, it is a significant challenge to efficiently categorize related events on these timelines. Inefficient memory utilization is the primary challenge, as forensic timelines contain large and complex data, causing the capability to process data incrementally. This paper introduces an innovative approach that employs stream clustering techniques for event segmentation and categorization within forensic timelines. It considers forensic timelines as dynamic data streams that adapt in real-time to incoming events. This approach optimizes the processing and grouping of emerging events by leveraging temporal patterns and evolving event contexts, unlike traditional clustering methods that require complete datasets. In this study, three-stream clustering algorithms were tested, and it was discovered that link clustering produced the lowest score in silhouette score and Davies-Bouldin Index with the highest score in Calinski-Harabasz Index compared to DenStream and BIRCH. This concluded that link clustering performs the best clustering among these three algorithms.

KW - forensic image

KW - forensic timeline

KW - stream clustering

UR - http://www.scopus.com/inward/record.url?scp=85194035330&partnerID=8YFLogxK

U2 - 10.1109/ISDFS60797.2024.10527350

DO - 10.1109/ISDFS60797.2024.10527350

M3 - Conference contribution

AN - SCOPUS:85194035330

T3 - 12th International Symposium on Digital Forensics and Security, ISDFS 2024

BT - 12th International Symposium on Digital Forensics and Security, ISDFS 2024

A2 - Varol, Asaf

A2 - Karabatak, Murat

A2 - Varol, Cihan

A2 - Tuba, Eva

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 12th International Symposium on Digital Forensics and Security, ISDFS 2024

Y2 - 29 April 2024 through 30 April 2024

ER -

Arrizki DJ, Kosim SA, Studiawan H. Stream Clustering on a Forensic Timeline. In Varol A, Karabatak M, Varol C, Tuba E, editors, 12th International Symposium on Digital Forensics and Security, ISDFS 2024. Institute of Electrical and Electronics Engineers Inc. 2024. (12th International Symposium on Digital Forensics and Security, ISDFS 2024). doi: 10.1109/ISDFS60797.2024.10527350

Stream Clustering on a Forensic Timeline

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this