Episode Mining in a Forensic Timeline

Episode Mining in a Forensic Timeline

연구 분야: Analysis

학회: 2025 International Conference on Smart Computing, IoT and Machine Learning (SIML)

Event sequence analysis in digital forensic investigations is important for identifying the cause of an event, as well as potential threats or system failures. However, the presence of numerous insignificant patterns due to the large dataset size can slow down the investigation process. This research proposes using episode mining to identify recurring patterns in event sequences and a more in-depth analysis of relevant activities. The proposed method is applied to a forensic timeline, which has not been previously explored in episode mining. The evaluation of five algorithms such as MINEPI+, EMMA, AFEM, MaxFEM and TKE demonstrates that each has its advantages in terms of pattern identification efficiency. Thus, this research provides new information for forensic investigators in selecting the most appropriate method to accelerate threat identification and mitigation in digital forensic investigations.