Tuesday 5th November, 2013
8:40am to 9:15am
There is a deep belief among computer forensics practitioners that improved visualizations will make it easier to address the onslaught of data that we face daily. But creating a good visualization is hard work. Many visualizations require careful planning and tuning, and they do not readily generalize to other data sets, let alone other practitioners or organizations. A second problem faced by open source practitioners is deciding which visualization technology to use — there are so many to choose from, including static PDF files, static web pages, and interactive graphics. Then there is the purpose of the visualization, whether it is to help the investigator find new information or to explain a complicated case to a third party. This talk describes visualization choices, shows examples drawn from open source data sets, and discusses the visualization choices made in the development of scale-free one-page PDF visualizations for pcap files (tcpflow) and disk images (bulk_extractor).