Proximity, Fuzzy & Stem Search Methods In Digital Forensics Investigation

MailXaminer | December 4th, 2018 | Forensics

Most forensic software provides a search option to speed up finding the desired data and to simplify the process. In this article, we discuss the Proximity Search, Stem Search, and Fuzzy Search techniques, three different search algorithms used in digital forensics for criminal investigation.

Proximity Search Method in Digital Forensics

Proximity Search is a search mechanism based on the spacing between words. It searches for two or more different words that occur within a specific distance of each other, where distance means the number of intermediate words or characters. The Proximity Search algorithm helps you find a document more specifically and quickly if you know two or more words and their spacing within the document.

In computer forensics, the Proximity Search technique helps to find a specific document in a bulk collection of documents very quickly. It also returns approximate word combinations as search results. In digital forensics, the Proximity Search method is used for crime investigation, so the investigator or examiner is not the owner of the document. In this case, it is difficult to know the correct spacing between the known words. For this reason, the Proximity Search algorithm in digital forensics also provides the option to search for the words with approximate spacing: it performs proximity matching and finds the approximate word combinations, which helps to find the correct document.
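The word-distance matching described above can be sketched as follows. This is an added example, not MailXaminer's code: the function names, the tokenizer, and the sample mailbox are constructed for illustration, and distance is counted in intermediate words.

```python
import re

def tokenize(text):
    """Lower-case word tokens; punctuation is dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())

def proximity_hits(text, term_a, term_b, max_gap):
    """Return (index_a, index_b, gap) for each pair of occurrences with at
    most max_gap intermediate words between them, in either order."""
    tokens = tokenize(text)
    a, b = term_a.lower(), term_b.lower()
    pos_a = [i for i, t in enumerate(tokens) if t == a]
    pos_b = [i for i, t in enumerate(tokens) if t == b]
    hits = []
    for i in pos_a:
        for j in pos_b:
            gap = abs(i - j) - 1          # words strictly between the two terms
            if 0 <= gap <= max_gap:
                hits.append((i, j, gap))
    return hits

def search_mailbox(mailbox, term_a, term_b, max_gap):
    """Map message id -> smallest gap found, for messages with any hit."""
    results = {}
    for msg_id, body in mailbox.items():
        hits = proximity_hits(body, term_a, term_b, max_gap)
        if hits:
            results[msg_id] = min(gap for _, _, gap in hits)
    return results

# Constructed sample messages (not real evidence).
MAILBOX = {
    "msg-001": "Please wire the transfer to the offshore account before Friday.",
    "msg-002": "The transfer was delayed. Unrelated note: my account password expired.",
    "msg-003": "Account transfer completed.",
}

if __name__ == "__main__":
    # Widening the distance models "approximate spacing": more recall,
    # but msg-002 matches across a sentence boundary and needs review.
    for distance in (1, 3, 5):
        print(distance, search_mailbox(MAILBOX, "transfer", "account", distance))
```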

Proximity Search Algorithm With MailXaminer

In this section, we will see how to perform a Proximity Search using MailXaminer to find emails during a criminal investigation.

STEP 1: Open Proximity Search Option

Click on the “Proximity Search” option from the “Search Section” of the MailXaminer.

STEP 2: Input Search Values

Enter the approximate word combination in the search field of the Proximity tab and select the number of intermediate words in the Distance field to perform the Proximity Search.

STEP 3: Search and View

Click on the Search button. It shows the resulting documents that contain the given words.

STEP 4: Export and Bookmark

MailXaminer also provides the option to Export and Bookmark selected emails from the Proximity Search results. Check the box in front of the resulting emails to select specific emails for Export or Bookmark.

STEP 5: Export Option

The export option allows exporting data into various file formats like PDF, PST, MSG, HTML etc.

Stem Search Method in Digital Forensics

Stem Search is another search mechanism used in computer forensics, and it is based on the root word. That is, the Stem Search method always searches for the exact match or the variants of the given word.

For example, if you give the word “car”, it returns results like car, cars, carry, caring, etc. That is, each word starts with the root/stem word car.

In digital forensics, the Stem Search algorithm is used to find a document when the exact word is uncertain. Using the given root word, the Stem Search method returns the maximum set of results containing its variants. During a crime investigation, it helps the investigator find any document by using the uncertain word, because the Stem Search technique lets you find all possibilities of that word.
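The root-word matching described above ("each word starts with the root") can be sketched with an inverted index and a prefix range scan. This is an added example, not MailXaminer's code: the function names and the sample mailbox are constructed, and the prefix interpretation is taken from the "car" example in the text.

```python
import bisect
import re
from collections import defaultdict

def build_index(mailbox):
    """Inverted index: word -> set of message ids that contain it."""
    index = defaultdict(set)
    for msg_id, body in mailbox.items():
        for word in re.findall(r"[a-z]+", body.lower()):
            index[word].add(msg_id)
    return index

def stem_search(index, root):
    """Return {variant: sorted message ids} for every indexed word that
    starts with root. In a sorted vocabulary those words are contiguous."""
    root = root.lower()
    vocab = sorted(index)
    start = bisect.bisect_left(vocab, root)
    hits = {}
    for word in vocab[start:]:
        if not word.startswith(root):
            break                      # left the contiguous prefix range
        hits[word] = sorted(index[word])
    return hits

# Constructed sample messages (not real evidence).
MAILBOX = {
    "m1": "The car was parked behind the warehouse.",
    "m2": "Two cars left at midnight, each to carry one crate.",
    "m3": "Thanks for caring about the cargo schedule.",
    "m4": "Oscar moved the meeting to Tuesday.",
}

if __name__ == "__main__":
    index = build_index(MAILBOX)
    # Listing the matched variant per message lets the examiner discard
    # unrelated prefix hits such as "cargo" during review.
    for variant, msg_ids in stem_search(index, "car").items():
        print(f"{variant:8} {msg_ids}")
```

"Oscar" contains the letters "car" but does not start with them, so m4 is not returned.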

Stem Search Feature in MailXaminer

The Stem Search feature of MailXaminer allows you to search for data using a root/stem word. The following section will help you perform a Stem Search in MailXaminer.

STEP 1: Search Option

Select the “General Search” option from the “Search Section” of the MailXaminer. The Stem Search mechanism is given within the General Search option.

STEP 2: Select Search Type

In the General Search section select the Stem Search option from the Search Types drop-down menu.

STEP 3: Preview Stem Search Result

Enter the root word to be used for the Stem Search into the search field. Click on the search button to generate the corresponding list of emails that contain variants of the root word.

STEP 4: Email View

The resultant email of the Stem Search method will contain the variants of the given stem / root word.

STEP 5: Add Criteria

The tool also provides an additional option to filter the results more specifically. If you know two or more words and are sure whether or not they are present in the document, you can filter the results more easily using the Add Criteria option and the AND, OR, NOT logical operators.

STEP 6: Export and Bookmark

Similar to the other search options, the Stem Search method also provides the option to Export and Bookmark the emails.

STEP 7: Export Option

The export option allows exporting data into various file formats like PDF, PST, MSG, HTML etc.

Fuzzy Search Mechanism in Digital Forensics

Fuzzy Search differs from the other search mechanisms. In normal search methods, when we need to find a word or a document containing that word, we must provide the exact word or its variants without any mistake; otherwise the search will not give the correct result. With the Fuzzy Search algorithm, it is not necessary to give the correct word or string of words. It returns the possible results for the search argument even though the words and spellings may not match exactly.

In digital forensics, the Fuzzy Search mechanism is used when you don’t know the exact argument corresponding to the document that contains the desired information. It returns all the possible results and does not take spelling or other mistakes in the provided argument into account. The Fuzzy Search technique is more powerful than exact search in investigations because it can obtain results from incomplete or partially correct arguments.
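One common way to implement the spelling-tolerant matching described above is Levenshtein edit distance. The sketch below is an added example, not MailXaminer's code; the page does not say which algorithm the tool uses, and the function names, threshold, and sample mailbox are constructed for illustration.

```python
import re

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and
    substitutions needed to turn a into b (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def fuzzy_search(mailbox, query, max_edits=1):
    """Map message id -> {matched word: distance} for words within
    max_edits of the query."""
    query = query.lower()
    results = {}
    for msg_id, body in mailbox.items():
        matches = {}
        for word in set(re.findall(r"[a-z0-9]+", body.lower())):
            if abs(len(word) - len(query)) > max_edits:
                continue               # length gap alone exceeds the budget
            distance = edit_distance(query, word)
            if distance <= max_edits:
                matches[word] = distance
        if matches:
            results[msg_id] = matches
    return results

# Constructed sample messages (not real evidence).
MAILBOX = {
    "f1": "Attached is the invoice for March.",
    "f2": "Pls pay the invoce today",
    "f3": "new inv0ice attached",
    "f4": "He has a strong voice",
}

if __name__ == "__main__":
    print(fuzzy_search(MAILBOX, "invoice", max_edits=1))
    # A looser threshold also returns "voice" (2 edits): a false positive
    # the examiner has to review.
    print(fuzzy_search(MAILBOX, "invoice", max_edits=2))
```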

Fuzzy Search Feature of MailXaminer Tool

The Fuzzy Search mechanism is another search option provided by MailXaminer. The following section shows how a Fuzzy Search is performed in the MailXaminer software.

STEP 1: Search Option

Click on the “General Search” option from the “Search Section” of the MailXaminer. The Fuzzy Search method is given within the General Search option.

STEP 2: Select Fuzzy Search

In the General Search section select the Fuzzy Search option from the Search Types drop-down menu.

STEP 3: Preview Fuzzy Search Result

Enter the word to search for into the search field. Click on the search button to generate the corresponding list of emails according to the Fuzzy Search algorithm.

STEP 4: Email View

The resultant email of the Fuzzy Search mechanism will either contain the same word or contain other words derived from the given word.

STEP 5: Add Criteria

Similar to the Stem Search method, Fuzzy Search method also provides the Add Criteria option and AND, OR, NOT logical operators to filter the result more specifically.

STEP 6: Export and Bookmark

Similar to the other search options, MailXaminer also provides the option to Export and Bookmark the emails found by the Fuzzy Search.

STEP 7: Export Option

The tool provides the option to export data into various file formats like PDF, PST, MSG, HTML etc.


Conclusion

Searching in digital forensics uses several types of search algorithms, chosen according to the purpose of the search, to simplify and speed up the overall process. Proximity Search, Stem Search, and Fuzzy Search are three algorithms that work entirely differently from each other. The Proximity Search method uses two or more words and the spacing between them. The Stem Search method uses the root word to find its variants. The Fuzzy Search mechanism is used for searching without knowing the exact arguments. MailXaminer provides these search options to improve the digital forensic search process and obtain the resulting documents very quickly.