Upload
baldwin-edwards
View
213
Download
1
Embed Size (px)
Citation preview
Quantification of Digital Forensic Hypotheses UsingProbability Theory
Richard E Overill & Jantje A M SilomonKing’s College London
Kam-Pui Chow & Hayson TseUniversity of Hong Kong
Synopsis
• Introduction & Background• Probabilistic Models• Simplifying Assumptions• Results & Interpretation• Summary & Conclusions• Questions & Comments?
Introduction & Background
• Possession of Child Pornography (CP) is a serious offence in HK, UK and elsewhere
• Under prosecution, 2 common defences are:– Trojan Horse (when many CP images are recovered)– Inadvertent (when a few CP images are recovered
amongst many non-CP images)• We used complexity theory to quantify the
plausibility of the THD (ICDFI-2012, ICDFI-2013)• Here we use probability theory to quantify the
plausibility of the Inadvertent Defence (ID)
Probabilistic Models
• Greedy download – every image on website– the probability distribution is trivially singular.
• Selective download – a representative sample of images on website– Infinite website: probabilities do not change as
download proceeds – use the Binomial Theorem;– Finite website: probabilities change as images are
downloaded – use the “Urn/Bag of balls” model.
Simplifying Assumptions
• Random browsing behaviour.• Random distribution of CP images on website.• No duplicates in download. • Single download session.• Single website.• Single computer.• One individual.
Results & Interpretation
• 2 actual HK cases:– Case 1: 248/30,000 images were CP (2010);– Case 2: 84/714,430 images were of CP (2013).
• “worst case” (prosecution) results:
“worst-case” probabilities Finite Model Infinite Model
Case 1 0.0304 0.0254
Case 2 0.0807 0.0435
Case 1 - Probability Distributions
Finite Model Infinite Model
Case 2 - Probability Distributions
Finite Model Infinite Model
Summary & Conclusions• Infinite model worst-case results (2.5% & 4.3%)
suggest a criminal prosecution is feasible.• Finite model worst-case results (3% & 8%) also
suggest a criminal prosecution is feasible but are influenced by assumptions of website size.
• Non-worst-case probabilities fall off rapidly:σ ≈ √μ
• Simple probability models can be used to quantify the plausibility of the Inadvertent defence (ID) against possession of CP.
Questions & Comments?
[email protected]/staff/richard/