Page 11 - Understanding Forensic Technology Landscape
Data analytics

What are data analytics?

Databases and data sets are the backbone of many business applications and range in size, structure, and complexity. Databases are structured data and are often organized as a “relational database.”[3] A relational database is a set of formally described tables from which data can be accessed or reassembled in many ways without having to reorganize the database tables.

Data analytics is the use of software tools to review, compile or perform other computational tasks on the underlying database to provide evidence that may support a conclusion or to determine a course of action. Analytics are typically performed by “querying” a database. For example, if one of the columns in a database table is the “Transaction Amount” a query could be written instructing the database to return the total of the “Transaction Amounts” from all rows of the table.

The tools used to perform data analytics fall into four categories: general tools, statistics-based tools, visualization-based tools and big data tools. There is considerable overlap in the applicability of the tools because many different applications and approaches can be used to achieve the same analyses.

Data analytics in the forensic context

Given how frequently businesses rely on databases, they are likely to contain evidence relevant to a forensic engagement. Although data analytics can be used in a variety of ways throughout a forensic engagement, the types of tasks are usually one of three types:

• Search or quantification of known variables — Database queries can answer the questions of who did what to whom and when by identifying specific transactions or groups of transaction records, summing or quantifying variables, or performing computations using the data in various database fields. Sometimes databases can be combined or compared to perform such analyses. For example, the analyst could query the dataset to determine the amount of sales to a particular customer in a specific date range.

• Rules-based searches for anomalous transactions — In these approaches, the analyst uses specific criteria to identify anomalous transactions or records. Usually, the analyst knows the criteria to search either through pilot testing, prior experience, or for case-specific reasons. For example, the analyst could ask for all travel and entertainment reimbursements that exceeded a specific threshold amount.

• Anomaly or outlier detection using data-driven approaches — Often, analysts look for anomalies that they have not previously encountered. Data-driven approaches identify events or observations that raise uncertainties by being significantly different from the dataset to which they belong or in comparison with other data sets. Anomalous data can be further interrogated to determine if it is connected to issues or events such as abnormal expenses, bank fraud, false claims and the like. For example, visualization or statistical analysis can identify unusual transactions when transactions are compared to the data as a whole.

[3] This reference guide is focused on structured data analytics. Other types of databases and sources of digital evidence exist which may contain “unstructured data” that is also utilized in a forensic engagement. Unstructured data may be text-heavy and have little definition making analytics challenging. Examples of unstructured data include emails, photos and video.
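The three task types above, run against one small table, as an added example that is not part of the original guide. The `txn` schema, the sample rows and the function names are constructed for illustration, and the modified z-score (median and median absolute deviation) is one assumed choice of statistical test, not one the guide prescribes.

```python
import sqlite3
from statistics import median

# Constructed sample ledger (not real data). Schema and names are assumptions.
ROWS = [  # (id, txn_date, employee, customer, category, amount)
    (1, "2023-01-05", "avery", "Acme", "SALE", 1200.00),
    (2, "2023-01-20", "avery", "Acme", "SALE", 800.50),
    (3, "2023-02-11", "blake", "Acme", "SALE", 450.00),
    (4, "2023-01-15", "blake", "Globex", "SALE", 999.00),
    (5, "2023-01-07", "avery", None, "T&E", 85.00),
    (6, "2023-01-09", "blake", None, "T&E", 120.00),
    (7, "2023-01-12", "casey", None, "T&E", 95.00),
    (8, "2023-01-18", "avery", None, "T&E", 110.00),
    (9, "2023-01-23", "blake", None, "T&E", 102.00),
    (10, "2023-01-27", "casey", None, "T&E", 98.00),
    (11, "2023-02-02", "casey", None, "T&E", 480.00),
    (12, "2023-02-06", "avery", None, "T&E", 2400.00),
]

def load(rows=ROWS):
    """Build an in-memory working copy so analysis never touches the source."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE txn (id INTEGER PRIMARY KEY, txn_date TEXT, "
               "employee TEXT, customer TEXT, category TEXT, amount REAL)")
    db.executemany("INSERT INTO txn VALUES (?,?,?,?,?,?)", rows)
    return db

def sales_to_customer(db, customer, start, end):
    """Task 1: quantify a known variable (sales to a customer in a date range)."""
    # ISO-8601 date strings compare correctly as text, so BETWEEN works here.
    sql = ("SELECT COALESCE(SUM(amount), 0) FROM txn WHERE category = 'SALE' "
           "AND customer = ? AND txn_date BETWEEN ? AND ?")
    return db.execute(sql, (customer, start, end)).fetchone()[0]

def te_over_threshold(db, threshold):
    """Task 2: rules-based search with a criterion the analyst already knows."""
    sql = "SELECT id FROM txn WHERE category = 'T&E' AND amount > ? ORDER BY id"
    return [r[0] for r in db.execute(sql, (threshold,))]

def te_outliers(db, cutoff=3.5):
    """Task 3: data-driven outliers, scored against the data as a whole."""
    sql = "SELECT id, amount FROM txn WHERE category = 'T&E' ORDER BY id"
    rows = db.execute(sql).fetchall()
    if not rows:
        return []
    med = median(a for _, a in rows)
    mad = median(abs(a - med) for _, a in rows)  # median absolute deviation
    if mad == 0:
        return []  # no spread, so no score can be computed
    # Modified z-score; 0.6745 and the 3.5 cutoff are the conventional values.
    return [i for i, a in rows if 0.6745 * abs(a - med) / mad > cutoff]
```

On the sample rows, a 500 threshold returns only transaction 12, while the data-driven pass also returns transaction 11, a 480 reimbursement that sits just under the rule but far from the other claims.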