Forensic data analysis

Forensic data analysis (FDA) is a branch of computer forensics. It examines structured data in connection with incidents of white-collar crime. The aim is the detection and analysis of patterns of action. Data from application systems or from their underlying databases are referred to as structured data.

In contrast, unstructured data usually come from communication and office applications or from mobile devices. These data have no overarching structure and are analyzed by means of computer forensics with regard to keywords and communication operations.


The analysis of the usually large data sets is typically done in a separate database system belonging to the analysis team. On the one hand, the original systems are generally not sized so that extensive, individual analyses are possible without adversely affecting normal users. On the other hand, it is methodologically preferable to analyze copies of the data on separate systems, which protects the analysis team against the charge of having changed the original data.

Analyzing large structured data sets with the aim of uncovering white-collar crime requires at least three different kinds of specialist expertise in the analysis team: a data analyst who can carry out the technical processing of the data and write the actual queries, a team member with detailed knowledge of the processes and internal controls in the relevant area of the investigated company, and a forensic scientist who knows the patterns of action that harm a company.

After an initial analysis using the methods of exploratory data analysis, the forensic data analysis itself is usually carried out iteratively. First, a hypothesis is formed about the pattern of action by which the offender may have gained an advantage. Then the system is searched for the residual traces that remain. Then the hypothesis is refined or discarded.

Combining different databases is especially useful, in particular data from different systems or sources. These are usually not known to the offender or cannot be subsequently influenced by him.
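One pass of the iterative procedure and the combination of sources described above, as an added example that is not part of the original article: exports from an HR system and an ERP system are loaded into a separate analysis database and searched for the trace one hypothesis would leave (a vendor whose bank account belongs to an employee). All table names, column names and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for exports from two separate systems.
HR_EMPLOYEES = [  # (employee_id, name, iban)
    ("E100", "A. Example", "DE00 1111 2222 3333 4444 00"),
    ("E101", "B. Sample", "DE00 5555 6666 7777 8888 00"),
]
ERP_VENDORS = [  # (vendor_id, name, iban)
    ("V1", "Office Supplies Ltd", "DE00999900001111222200"),
    ("V2", "Consulting X", "de00 1111 2222 3333 4444 00"),
]
ERP_PAYMENTS = [  # (payment_id, vendor_id, amount_cents)
    ("P1", "V1", 120000), ("P2", "V2", 450000), ("P3", "V2", 480000),
]

def normalize_iban(value):
    """Remove whitespace and upper-case, so formatting differences between systems do not hide a match."""
    return "".join(value.split()).upper()

def load_analysis_copy():
    """Load the exports into a separate in-memory database; the source systems are never queried."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE hr_employee (employee_id TEXT, name TEXT, iban TEXT);
        CREATE TABLE erp_vendor (vendor_id TEXT, name TEXT, iban TEXT);
        CREATE TABLE erp_payment (payment_id TEXT, vendor_id TEXT, amount_cents INTEGER);
    """)
    db.executemany("INSERT INTO hr_employee VALUES (?,?,?)",
                   [(i, n, normalize_iban(b)) for i, n, b in HR_EMPLOYEES])
    db.executemany("INSERT INTO erp_vendor VALUES (?,?,?)",
                   [(i, n, normalize_iban(b)) for i, n, b in ERP_VENDORS])
    db.executemany("INSERT INTO erp_payment VALUES (?,?,?)", ERP_PAYMENTS)
    return db

def vendors_paid_to_employee_accounts(db):
    """Hypothesis: payments were routed to an employee through a vendor record.
    Trace searched for: a vendor IBAN that also appears in the HR master data."""
    return db.execute("""
        SELECT v.vendor_id, e.employee_id,
               COUNT(p.payment_id), COALESCE(SUM(p.amount_cents), 0)
        FROM erp_vendor v
        JOIN hr_employee e ON e.iban = v.iban
        LEFT JOIN erp_payment p ON p.vendor_id = v.vendor_id
        GROUP BY v.vendor_id, e.employee_id
        ORDER BY v.vendor_id
    """).fetchall()

if __name__ == "__main__":
    for row in vendors_paid_to_employee_accounts(load_analysis_copy()):
        print(row)
```

An empty result discards or refines the hypothesis; a hit is a lead for the process expert and the forensic specialist to assess, not a finding in itself.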

Methods of data visualization are often used to present the results.