{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T03:40:41Z","timestamp":1777002041155,"version":"3.51.4"},"reference-count":42,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2014,9,12]],"date-time":"2014-09-12T00:00:00Z","timestamp":1410480000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"In this paper we posit that current investigative techniques\u2014particularly as deployed by law enforcement, are becoming unsuitable for most types of crime investigation. The growth in cybercrime and the complexities of the types of the cybercrime coupled with the limitations in time and resources, both computational and human, in addressing cybercrime put an increasing strain on the ability of digital investigators to apply the processes of digital forensics and digital investigations to obtain timely results. In order to combat the problems, there is a need to enhance the use of the resources available and move beyond the capabilities and constraints of the forensic tools that are in current use. We argue that more intelligent techniques are necessary and should be used proactively. The paper makes the case for the need for such tools and techniques, and investigates and discusses the opportunities afforded by applying principles and procedures of artificial intelligence to digital forensics intelligence and to intelligent forensics and suggests that by applying new techniques to digital investigations there is the opportunity to address the challenges of the larger and more complex domains in which cybercrimes are taking place.<\/jats:p>","DOI":"10.3390\/fi6030584","type":"journal-article","created":{"date-parts":[[2014,9,12]],"date-time":"2014-09-12T10:25:43Z","timestamp":1410517543000},"page":"584-596","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":62,"title":["Digital Forensics to Intelligent Forensics"],"prefix":"10.3390","volume":"6","author":[{"given":"Alastair","family":"Irons","sequence":"first","affiliation":[{"name":"The University of Sunderland, David Goldman Informatics Centre, St Peters Campus, Sunderland SR6 0DD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Harjinder","family":"Lallie","sequence":"additional","affiliation":[{"name":"University of Warwick (WMG), Coventry CV4 7AL, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2014,9,12]]},"reference":[{"key":"ref_1","unstructured":"EURIM-ippr. (2004). EURIM\u2014IPPR E-Crime Study: Partnership Policing for the Information Society. Available online: http:\/\/www.eurim.org\/consult\/e-crime\/may_04\/ECS_DP3_Skills_040505_web.htm."},{"key":"ref_2","unstructured":"European Information Society Group (EURIM) Available online: http:\/\/www.eurim.org.uk\/activities\/e-crime\/partpolicing.php."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.diin.2010.07.001","article-title":"The Digital Crime Tsunami","volume":"Volume 7","author":"Gogolin","year":"2010","journal-title":"Digital Investigation"},{"key":"ref_4","unstructured":"Federal Bureau of Investigation (FBI) 2013, Piecing Together Digital Evidence\u2014The Computer Analysis Response Team, Available online: http:\/\/www.fbi.gov\/news\/stories\/2013\/january\/piecing-together-digital-evidence\/piecing-together-digital-evidence."},{"key":"ref_5","unstructured":"Otago Daily Times FBI ordered to copy seized Dotcom data. Available online: http:\/\/www.odt.co.nz\/news\/national\/213394\/fbi-ordered-copy-seized-dotcom-data."},{"key":"ref_6","unstructured":"U.S. Department of Justice, Regional Computer Forensics Laboratory (RCFL) (2007). Annual Report for Fiscal Year 2007, RCFL."},{"key":"ref_7","unstructured":"U.S. Department of Justice, Regional Computer Forensics Laboratory (RCFL) (2008). Annual Report for Fiscal Year 2008, RCFL."},{"key":"ref_8","unstructured":"U.S. Department of Justice, Regional Computer Forensics Laboratory (RCFL) (2009). Annual Report for Fiscal Year 2009, RCFL."},{"key":"ref_9","unstructured":"U.S. Department of Justice, Regional Computer Forensics Laboratory (RCFL) (2010). Annual Report for Fiscal Year 2010, RCFL."},{"key":"ref_10","unstructured":"U.S. Department of Justice, Regional Computer Forensics Laboratory (RCFL) (2011). Annual Report for Fiscal Year 2011, RCFL."},{"key":"ref_11","unstructured":"Abad, C., Taylor, J., Sengul, C., Yurcik, W., Zhou, Y., and Rowe, K. (, 2003). Log Correlation for Intrusion Detection: A Proof of Concept. Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, NV, USA."},{"key":"ref_12","unstructured":"Al-Hammadi, Y., and Aickelin, U. Detecting botnets through log correlation. Available online: http:\/\/arivx.org\/ftp\/arxw\/papers\/1001\/1001.2665.pdf."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Herrerias, J., and Gomez, R. (2007, January 10\u201312). A Log Correlation Model to Support the Evidence Search Process in a Forensic Investigation. Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE 2007).","DOI":"10.1109\/SADFE.2007.1"},{"key":"ref_14","first-page":"17","article-title":"Digital forensic research: The good, the bad and the unaddressed","volume":"V","author":"Beebe","year":"2009","journal-title":"Adv. Digit. Forensics"},{"key":"ref_15","unstructured":"European Union Agency for Network and Information Security (ENISA) Cloud Computing. Benefits, Risks and Recommendations for Information Security. Available online: http:\/\/www.enisa.europa.eu\/activities\/risk-management\/files\/deliverables\/cloud-computing-risk-assessment\/at_download\/fullReport."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Birk, D. (2011, January 26). Technical Challenges of Forensic Investigations in Cloud Computing Environments. Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, CA, USA.","DOI":"10.1109\/SADFE.2011.17"},{"key":"ref_17","first-page":"71","article-title":"Applying the ACPO principles to Cloud forensic investigations","volume":"7","author":"Lallie","year":"2012","journal-title":"J. Digit. Forensics Secur. Law"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"26","DOI":"10.20533\/ijmip.2042.4647.2011.0004","article-title":"Cloud computing: Pros and cons for computer forensic Investigations","volume":"1","author":"Reilly","year":"2011","journal-title":"Int. J. Multimedia Image Process. (IJMIP)"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1016\/S1353-4858(11)70024-1","article-title":"Forensic investigation of cloud computing systems","volume":"2011","author":"Taylor","year":"2011","journal-title":"Netw. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"28","DOI":"10.4018\/jdcf.2012040103","article-title":"Calm before the storm: the challenges of cloud computing in digital forensics","volume":"4","author":"Grispos","year":"2012","journal-title":"Int. J. Digit. Crime Forensics (IJDCF)"},{"key":"ref_21","unstructured":"Qureshi, A. (2008, January 6\u20137). Plugging into Energy Market Diversity. Proceedings of the 7th ACM Workshop on Hot Topics in Networks, Calgary, AB, Canada."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/1536616.1536632","article-title":"The pathologies of big data","volume":"52","author":"Jacobs","year":"2009","journal-title":"Commun. ACM"},{"key":"ref_23","unstructured":"Lai, P., Chow, K.-P., Fan, X.-X., and Chan, V. (2013). Advances in Digital Forensics IX, Springer."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.diin.2006.06.004","article-title":"FORZA\u2014Digital forensics investigation framework that incorporate legal issues","volume":"3","author":"Ieong","year":"2006","journal-title":"Digital Investigation."},{"key":"ref_25","unstructured":"Ribaux, O. (2007). Forensics, Intelligence by the Trace, PUR Presses Polytechnique."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1093\/lpr\/2.1.47","article-title":"Forensic intelligence and crime analysis","volume":"2","author":"Ribaux","year":"2003","journal-title":"Law Probab. Risk"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1016\/j.forsciint.2004.12.028","article-title":"The contribution of forensic science to crime analysis and investigation: Forensic intelligence","volume":"156","author":"Ribaux","year":"2006","journal-title":"Forensic Sci. Int."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1016\/j.forsciint.2009.10.027","article-title":"Intelligence-led crime scene processing. Part I: Forensic intelligence","volume":"195","author":"Ribaux","year":"2010","journal-title":"Forensic Sci. Int."},{"key":"ref_29","unstructured":"Oxford University Press Available online: http:\/\/oxforddictionaries.com\/definition\/evidence?q=evidence."},{"key":"ref_30","unstructured":"Oxford University Press Available online: http:\/\/oxforddictionaries.com\/definition\/intelligence?q=intelligence."},{"key":"ref_31","unstructured":"Mithas, S. (2012). Digital Intelligence: What every Smart Manager Must Have for Success in an Information Age, FinerPlanet."},{"key":"ref_32","unstructured":"Stanhope, J. Welcome to the Era of Digital Intelligence. Available online: http:\/\/www.xplusone.com\/uploads\/case_studies\/Welcome_To_The_Era_Of_Dig.pdf."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/0378-8733(91)90008-H","article-title":"The application of network analysis to criminal intelligence: An assessment of the prospects","volume":"13","author":"Sparrow","year":"1991","journal-title":"Soc. Netw."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/s10588-005-5377-0","article-title":"Communication networks from the Enron email corpus \u201cIt\u2019s always about the people. Enron is no different\u201d","volume":"11","author":"Diesner","year":"2005","journal-title":"Comput. Math. Organ. Theory"},{"key":"ref_35","first-page":"201","article-title":"Finding hidden group structure in a stream of communications","volume":"3975","author":"Baumes","year":"2006","journal-title":"Intell. Secur. Infor."},{"key":"ref_36","unstructured":"Zhou, D., Song, Y., Zha, H., and Zhang, Y. (, 2005). Towards Discovering Organizational Structure from Email Corpus. Proceedings of the 4th IEEE International Conference on Machine Learning and Applications, Los Angeles, CA, USA."},{"key":"ref_37","unstructured":"Diesner, J., and Carley, K.M. (, 2005). Exploration of Communication Networks from the Enron Email Corpus. Proceedings of the Workshop on Link AnalysisCounterterrorism and Security, SIAM International Conference on Data Mining, Newport Beach, CA, USA."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1007\/s10588-005-5379-y","article-title":"Structure in the Enron email dataset","volume":"11","author":"Keila","year":"2005","journal-title":"Comput. Math. Organ. Theory"},{"key":"ref_39","unstructured":"NetworkX. Available online: http:\/\/networkx.github.com\/."},{"key":"ref_40","unstructured":"Vlado, A. Pajek Wiki. Available online: http:\/\/pajek.imfm.si\/doku.php."},{"key":"ref_41","unstructured":"Gephi. Available online: https:\/\/gephi.org\/."},{"key":"ref_42","unstructured":"IBM i2 Intelligence Analysis Platform. Available online: http:\/\/www-03.ibm.com\/software\/products\/en\/intelligence-analysis-platform."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/6\/3\/584\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T21:15:51Z","timestamp":1760217351000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/6\/3\/584"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9,12]]},"references-count":42,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2014,9]]}},"alternative-id":["fi6030584"],"URL":"https:\/\/doi.org\/10.3390\/fi6030584","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,9,12]]}}}