Lecture 16: Data Forensics and Analysis

Question 1

What steps are in the forensic process?

Answer 1

• Seizure
• Imaging
• Analysis
• Reporting

Question 2

What is data analysis and what is needed?

Answer 2

Data
“separation of a whole into its component parts”

Needed: Sufficient relevant data

Question 3

Constraints of Data analysis task

Answer 3

• Time
• Access to data
• Technological resources

Question 4

Data limitations

Answer 4

• Missing data
• Altered data
• Different forms of the same data
• Different definitions of the same data
• Non-existent data

Question 5

What are the steps in data analysis process?

Answer 5

• Planning
• Data collection
• Data preperation
• Data analysis

Question 6

1. What does the analysis plan contain?

Answer 6

• Purpose of the analysis
• Audience for the analysis
• Data availability and quality (choices about what data to include)

Question 7

2. What does data preperation entail?

Answer 7

• Data inventory (list items, sources and dates)
• Date pre-processing (improve quality, data cleaning)
• Databases and data warehouse

Question 8

3. What are the Major Tasks in Data Pre‐processing?

Answer 8

• Data summarisation (Identify typical properties of the data, understand distribution of data - central tendency and dispersion)
• Data cleaning
• Data integration
• Data transformation
• Data reduction
• Data discretisation

Question 9

What does data cleaning entail?

Answer 9

Fill in missing values
– Ignore the tuple
– Fill in the missing value manually
– Use a global constant
– Use the attribute mean
– Use the attribute mean for all samples belonging
to the same class
– Use the most probable value

Question 10

What is the mean?

Answer 10

The mean is the average of a data set, calculated by dividing the sum of all values by the number of values

Question 11

What is de median?

Answer 11

Median is the middle value if N is odd and is the
average of the two middle values if N is even

Question 12

What is the mode?

Answer 12

Value that occurs most frequently in the set

Question 13

What is the midrange?

Answer 13

The midrange is the average of the smallest and largest values in a data set

Question 14

What is data dispersion?

Answer 14

The degree to which numerical data tend to spread

Question 15

What is behaviour profiling?

Answer 15

Capability to recognize patterns of criminal activity. Predict when and where crimes are likely to take place

Question 16

What is data mining?

Answer 16

Knowledge discovery in databases
KDD = data mining process

Question 17

Where can data mining be used for?

Answer 17

– Market analysis and management
– Risk analysis and management
– Fraud detection and management

Question 18

Data mining techniques

Answer 18

• Link analysis (graphical analysis)
• Clustering analysis (grouping a set of data objects into clusters)
• Intelligent agents
• Text mining
• Neural Networks
• Machine‐learning algorithms