SIFTER: Search Indices for Text Evidence Relevancy

A session at 4th Annual Open Source Digital Forensics Conference & Workshops

  • Nicole L. Beebe

Tuesday 5th November, 2013

3:00pm to 3:35pm (EST)

SIFTER is being released open-source during summer 2013, and instantiates five years of research to thematically cluster and relevancy rank string search hits. SIFTER is ‘Google’ for digital forensics investigators, enabling them to realistically conduct text-based searches. Valuable digital evidence in many cases is textual in nature, yet existing tools and approaches make it simply unrealistic to search through millions of search hits to find the couple percent that are important to the case. SIFTER is a fundamental paradigm shift in string searching for digital forensic investigators. Now they can review hits ranked based on features typically related to hit relevancy. They can also review hits clustered-individually and regionally-based on thematically related content. This enables investigators to quickly and reliably ignore remaining hits in clusters or cluster regions deemed irrelevant, or alternatively, drill down into clusters and regions to find more relevant hits when some are found. SIFTER is supported by published research, was a funded development project for real-world users, and will soon be available to users as a stand-alone tool. Developers of existing open-source and industry leading closed-source tools will also benefit from this presentation, since the SIFTER approach can be integrated into existing tools.

About the speaker

This person is speaking at this event.
Nicole L. Beebe

Sign in to add slides, notes or videos to this session

Tell your friends!


Time 3:00pm3:35pm EST

Date Tue 5th November 2013

Short URL


Official event site


View the schedule


See something wrong?

Report an issue with this session