1 / 10

Quantification of Digital Forensic Hypotheses Using Probability Theory

Quantification of Digital Forensic Hypotheses Using Probability Theory. Richard E Overill & Jantje A M Silomon King’s College London Kam-Pui Chow & Hayson Tse University of Hong Kong. Synopsis. Introduction & Background Probabilistic Models Simplifying Assumptions

luann
Download Presentation

Quantification of Digital Forensic Hypotheses Using Probability Theory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Quantification of Digital Forensic Hypotheses UsingProbability Theory Richard E Overill & Jantje A M Silomon King’s College London Kam-Pui Chow & HaysonTse University of Hong Kong

  2. Synopsis • Introduction & Background • Probabilistic Models • Simplifying Assumptions • Results& Interpretation • Summary & Conclusions • Questions & Comments?

  3. Introduction & Background • Possession of Child Pornography (CP) is a serious offence in HK, UK and elsewhere • Under prosecution, 2 common defences are: • Trojan Horse (when many CP images are recovered) • Inadvertent (when a few CP images are recovered amongst many non-CP images) • We used complexity theory to quantify the plausibility of the THD (ICDFI-2012, ICDFI-2013) • Here we use probability theory to quantify the plausibility of the Inadvertent Defence (ID)

  4. Probabilistic Models • Greedy download – every image on website • the probability distribution is trivially singular. • Selective download – a representative sample of images on website • Infinite website: probabilities do not change as download proceeds – use the Binomial Theorem; • Finite website: probabilities change as images are downloaded – use the “Urn/Bag of balls” model.

  5. Simplifying Assumptions • Random browsing behaviour. • Random distribution of CP images on website. • No duplicates in download. • Single download session. • Single website. • Single computer. • One individual.

  6. Results & Interpretation • 2 actual HK cases: • Case 1: 248/30,000 images were CP (2010); • Case 2: 84/714,430 images were of CP (2013). • “worst case” (prosecution) results:

  7. Case 1 - Probability Distributions Finite Model Infinite Model

  8. Case 2 - Probability Distributions Finite Model Infinite Model

  9. Summary & Conclusions • Infinite model worst-case results (2.5% & 4.3%) suggest a criminal prosecution is feasible. • Finite model worst-case results (3% & 8%) also suggest a criminal prosecution is feasible but are influenced by assumptions of websitesize. • Non-worst-case probabilities fall off rapidly: σ≈√μ • Simple probability models can be used to quantify the plausibility of the Inadvertent defence (ID) against possession of CP.

  10. Questions & Comments? richard.overill@kcl.ac.uk www.inf.kcl.ac.uk/staff/richard/

More Related