Is Multi-perspective Visualisation recommended for E-discovery Email Investigations?

Turkay, C. & Sathiyanarayanan, M. (2016). Is Multi-perspective Visualisation recommended for E-discovery Email Investigations?. Paper presented at the IEEE VIS 2016 Workshop - Creation, Curation, Critique and Conditioning of Principles and Guidelines in Visualization, 23 Oct 2016, Baltimore, USA.

[img]
Preview
Text - Accepted Version
Download (49kB) | Preview

Abstract

Problem Statement: To help improve efficiency and reduce costs involved in an electronic discovery1 (E-discovery) process for email investigations, visualisations can be of great help, and they can change the way analysts/investigators understand contacts, messages in inboxes and their relationship. Though email data is a central resource in E-discovery processes [1,2] but the existing tools such as JigSaw, INSPIRE and DocuBurst are not capable of handling this dynamic, heterogeneous and relational data. As the socio-technical systems have grown in complexity, E-discovery analysts who are not that tech-savvy are looking for a simple and effective visualisation tool to detect, analyse and understand anomaly behaviours in email communication. This project is in close collaboration with the Redsift Limited London who are currently working on E-discovery related projects.

Case Study: Enron [3] scam is a well-known case in the data visualisation field. Enron produced fake profit reports and company’s accounts which led to bankruptcy. Most of the top executives were involved in the scam, as they sold their company stock prior to the company’s downfall. The Enron email is available for the public to access. In our work, we will be using the Enron data as a test case for designing and user-testing.

Workshop: We conducted couple of workshops to understand analysts requirements. The first workshop was with a legal team of six solicitors in Bangalore, India. They use Excel as a tool for their investigations. They liked the simple visualisations but found the manual search and data arrangements strenuous. The second workshop was with an intelligence analyst who works at the cyber investigation department, Bangalore, India. He uses E-discovery tools such as Jigsaw, Concordance by LexisNexis and/or INSPIRE to analyse unstructured data. He finds the visualisations to be complex and difficult to understand.Workshop

Suggestions: The five-point visualisation features
summarised for E-discovery email investigation are:
1. Multi-faceted: representation must be supported with a multifaceted search feature to display various granularities.
2. Multi-modality: representation must include temporal behaviours, individuals' action, connections and text/topic responses.
3. Multi-level: representation must have a drill-down approach (multiple levels) to filter and sort the data based on the multimodality and present with some visual cues about what to consider and what not to (investigation cueing).
4. Multi-aggregation: representation must be systematically organised based on the multiple aggregations from the higher level (top-level) to all the consecutive levels which helps in building visual summaries that can be presented legally.
5. Multi-juxtaposition: representations must be effective for displaying multiple relationships and comparison when placed close together or side by side.

Proposed Solution: Based on the workshop suggestions and the limitations of the current tools that generate email visualisations, we propose a multi-perspective approach (shown in the Figure 1) that will generate elementary (simple) and intelligible automated visual representations for displaying the most relevant information from the email data and aid in comparing two subsets of information.

Item Type: Conference or Workshop Item (Paper)
Additional Information: © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Engineering & Mathematical Sciences > Engineering
URI: http://openaccess.city.ac.uk/id/eprint/16155

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics