Date Added: Oct 2010
In log files, not all information/events are recorded and it is thus impossible to trace the paths of secret leaking based on log files alone. In this paper, the authors utilize user-relationship graphs, or social networks, to compensate for the required information. User-relationship-graphs are constructed from several flow-net data structures over a longer period so that they can avoid missing embedded threats such as hostile codes. They call this approach virtual flow-net. From the traces left by criminals, detectives and computer forensic specialists figure out critical evidence of the crimes.