Angela Orebaugh, Jason Kinser, Jeremy Allnutt


As cybercrime continues to increase, new cyber forensics techniques are needed to combat the constant challenge of Internet anonymity. In instant messaging (IM) communications, criminals use virtual identities to hide their true identity, which hinders social accountability and facilitates cybercrime. Current instant messaging products are not addressing the anonymity and ease of impersonation over instant messaging. It is necessary to have IM cyber forensics techniques to assist in identifying cyber criminals as part of the criminal investigation. Instant messaging behavioral biometrics include online writing habits, which may be used to create an author writeprint to assist in identifying an author of a set of instant messages. The writeprint is a digital fingerprint that represents an author’s distinguishing stylometric features that occur in his/her computer-mediated communications. Writeprints can provide cybercrime investigators a unique tool for analyzing IM-assisted cybercrimes. The analysis of IM author writeprints in this paper provides a foundation for using behavioral biometrics as a cyber forensics element of criminal investigations. This paper demonstrates a method to create and analyze behavioral biometrics-based instant messaging writeprints as cyber forensics input for cybercrime investigations. The research uses the Principal Component Analysis (PCA) statistical method to analyze IM conversation logs from two distinct data sets to visualize authorship identification.


writeprints; authorship attribution; authorship identification; principal component analysis

Full Text:



Abbasi, Ahmed, & Chen, Hsinchun. (2005). Applying authorship analysis to extremist-group web forum messages. Intelligent Systems, IEEE 20.5, 67-75.

Abbasi, Ahmed, & Chen, Hsinchun. (2006). Visualizing authorship for identification. Intelligence and Security Informatics, 60-71.

Abbasi, Ahmed, & Chen, Hsinchun. (2008). Writeprints: A stylometric approach to identity-level identification and similarity detection in cyberspace. ACM Transactions on Information Systems, 26(2), 7.

BioPassword. (2006). Authentication Solutions Through Keystroke Dynamics. Retrieved on April 2, 2013 from

Cross, Michael. (2008). Scene of the Cybercrime. Syngress Publishing, 679-690.

De Vel, Olivier, Anderson, A., Corney, M., & Mohay, G. (2001). Mining e-mail content for author identification forensics. ACM Sigmod Record, 30(4), 55-64.

De Morgan, A. & Elizabeth S. (1882). Memoir of Augustus De Morgan. Longmans, Green, and Company, 216.

Fafinski, Stefan, & Minassian, Neshan. (2008). UK Cybercrime Report 2008. New York, NY: Garlik, 1-55.

Hayne, Stephen C., Pollard, Carol E., & Rice, Ronald E. (2003). Identification of comment authorship in anonymous group support systems. Journal of Management Information Systems, 20(1), 301-326.

Jain, Anil K., Arun, R., & Prabhakar, Salil. (2004). An introduction to biometric recognition, IEEE Transactions on Circuits and Systems for Video Technology, 14(1), 4-20.

Kucukyilmaz, Tayfun, B., Cambazoglu, Cevdet Aykanat, & Can, Fazli. (2008). Chat mining: Predicting user and message attributes in computer-mediated communication. Information Processing & Management, 44(4), 1448-1466.

Love, H. (2002). Attributing authorship: an introduction. Cambridge University Press, 15.

Moores, Trevor, & Gurpreet Dhillon. (2000). Software piracy: A view from Hong Kong. Communications of the ACM, 43(12), 88-93.

Orebaugh, A. (2006). An Instant Messaging Intrusion Detection System Framework: Using character frequency analysis for authorship identification and validation. Carnahan Conferences Security Technology, Proceedings 2006 40th Annual IEEE International. IEEE, 160-172.

Orebaugh, A., & Allnut, J. (2009). Identifying and characterizing instant messaging authors for cyber forensics. IATAC Magazine, 12(3), 20-22.

Orebaugh, A., & Allnut, J. (2010). Data mining instant messaging communications to perform author identification for cybercrime investigations. Digital Forensics and Cyber Crime, 99-110.

Rodrigues, Ricardo N., Lee Luan Ling, & Govindaraju, Venu. (2009). Robustness of multimodal biometric fusion methods against spoof attacks. Journal of Visual Languages & Computing, 20(3), 169-179.

Teng, Gui-Fa, Lai, Mao-Sheng, Ma, Jian-Bin, & Li, Ying. (2004). E-mail authorship mining based on SVM for computer forensic. Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference, 2, IEEE, 1204-1207.

Zheng, Rong, Li, Jiexun, Chen, Hsinchun, & Huang, Zan. (2006). A framework for authorship identification of online messages: Writing style features and classification techniques. Journal of the American Society for Information Science and Technology, 57(3), 378-393.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

(c) 2006-2015 Association of Digital Forensics, Security and Law