Formal knowledge model for online social network forensics

Currently, examining social media networks is an integral part of most investigations. However, getting a clear view of the events relevant to the incident from a large set of data, such as social media, is a challenging task. Automation of the forensic and analysis process is the only solution to manage large data sets and get useful information. However, automation in digital forensics is a technical issue with legal implications. The legal system accepts only those automated processes that are reproducible, explainable, and rigorously testable. Therefore, automated forensic processes must be based on formal theories, which are rare in digital forensics. This article explains a theoretical and formal knowledge model for forensic automation on online social networks. This model consists of an event-based knowledge model, which provides theoretical concepts that can assist in the construction and interpretation of the events related to the incident under investigation. The proposed model is implemented through an ontology to provide semantically rich and formal representation to the concepts. This article also describes the feasibility of legally acceptable automated analysis operators, based on a formal theory, for online social network forensics.