Empirical digital forensics examines real-world digital storage media to develop theories about them. We have built a library of real-world data from 4000 copies of secondary-storage devices, including purchased ones. One project looked at patterns of malware to determine where it was most likely to appear. A recent project examined software versions, including malicious ones, and tried to distinguish normal software evolution from abnormal evolution. Other projects rated the value of files and artifacts using novel criteria to help focus investigations. They then used file and artifact similarities to build models of social networks from the data.
Neil C. Rowe is Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983. He has a Ph.D. in Computer Science from Stanford University. His main research interests are in data mining, digital forensics, modeling of deception, and cyberwarfare. He has also worked on text processing, computational geometry, and intelligent tutoring systems.