Investigative profiling is an important activity in computer forensics that
can narrow the search for one or more computer perpetrators. Data mining is
a technique that has produced good results in providing insight into large volumes
of data. This paper describes the use of a well-known data mining technique,
attribute-oriented induction, together with a newly designed profile analysis
methodology, for the purpose of identifying irregularities in computer logs.
The process relies on background knowledge in the form of concept hierarchies,
and uses a distance measure to estimate the level of contrast between records
generalised from formatted computer log data. Results obtained have shown the
process to perform according to expectations.