Predicting Crime Scene Attendance

Predicting Crime Scene Attendance Abstract This Paper ascertains the feasibility of using a data mining supervised learning algorithm to predict which crime scenes potentially offer the best opportunity of recovering forensic samples such as finger prints or DNA. UK Police Forces have a finite number of Crime Scene Investigators and an ever increasing demand to attend crime scenes. Most Forces have a documented attendance criterion but crimes are not evenly distributed throughout the working day. This, at times, results in more scenes to examine than there are investigators thereby posing the question, “Which scenes should be attended first in order to retrieve forensics.” The Insightful Miner data mining workbench tool has been used to retrieve, combine, clean, manipulate and model the data. The results from Northamptonshire Police have demonstrated that the modelling process is able to predict crime scene attendance to an accuracy of sixtyeight percent which is significantly better than human experts. The methodology was used in a second Police Force (Gwent) which records data into different computer systems and the results were comparable to those achieved in Northamptonshire Police. This demonstrates that the methodology is portable between Forces.

Introduction The importance of forensic intelligence (principally fingerprint or DNA identifications) as a standard forensic technique for the investigation and detection of a wide spectrum of crime types from volume crime (burglary and auto crime) to serious and major crime such as rape and murder is now well established. Some ten years ago an evaluation of UK police service use of forensic science revealed a lack of awareness by police officers of forensic science and wide variations between forces in the number of Crime Scene Investigators (CSIs) relative to the numbers of police officers or the number of reported crimes (Tilley & Ford, 1996). In the same year, a joint report by the Association of Chief Police Officers and the UK Forensic Science Service (Association of Chief Police Officers & Forensic Science Service [ACPO], 1996) noted that, for most UK police forces with a limited number of CSIs, a ‘selective attendance’ policy is most appropriate. The report viewed as good practice having an ‘informed assessment process’ for the deployment of CSIs to crime scenes where CSI resource is a limiting factor. This resource limitation was felt to be the norm in most police forces and, therefore, the report recommended that CSIs should only be deployed to crime scenes offering most promise of forensic recovery. The ‘informed assessment process’ is based on a police officer’s assessment of the forensic potential of a crime scene using their judgement and knowledge of forensic science ironically, something which Tilley & Ford demonstrated that average officers were unable to do. Most often, the assessment is made by a police officer attending

1

the crime scene although the assessment can be made by questioning the victim of a crime over the telephone. Subsequent reviews such as Her Majesty’s Inspectorate of Constabulary [HMIC], 2000) and (HMIC 2002) emphasised the importance of a ‘CSI Attendance Criteria’ that focussed CSI resource on those volume crime scenes most likely to yield forensic intelligence. Most recently, (Williams, 2004) recognised the importance of an agreed scene attendance criteria to control police officer expectations of CSI activity. Despite the emphasis on the need for proper control over CSI activity and the ‘informed assessment process’, there is still a wide variation amongst UK police forces in terms of the percentage of volume crime attended by a CSI. Only six of the forty-three UK police forces attend more than 95 percent of reported domestic burglaries and, for theft of motor vehicle offences, only nineteen forces attend more than half of the reported offences. One force attended less than three percent of reported theft of motor vehicle incidents (Police Standards Unit [PSU], 2005). A number of reasons present themselves for varying scene attendance rates, but chief among them (Tilley & Ford, 1996), is the lack of awareness by police officers of the potential for forensic recovery. Despite this being a concern highlighted in 1996 (Tilley & Ford, 1996; ACPO, 1996), it was still an issue noted by (Williams, 2004) who commented that ‘The current study supports the finding of previous research, that uniformed police officers, especially junior officers who are likely to be the first to attend the majority of burglary scenes, generally do not have a good understanding of the nature, availability, or evidential potential of the range of physical evidence at crime scenes’. In this paper we consider a novel approach to CSI deployment that removes the difficulties experienced with the ‘informed assessment process’ when based on police officer judgement. While not restricted to policing and the application of forensic science, generally, humans find it difficult to compile systematic knowledge unless the number of variables is small and each variable’s range is also small. Police officers and CSIs will attend the scenes of many crimes and will become familiar with certain geographical areas and the crimes committed within. However, they will not cover the entire spectrum of physical locations and offence types, therefore, with the combinatorial explosion of variables concerned with crime scene locations, offence types etc., they will be unable to successfully predict forensic yield. The aim of this study was to ascertain whether forensic potential could be quantified in a systematic way with a computer based model, with a view to empirically determining how CSIs should be deployed. In order to ensure that the model could be ported to other UK police forces, only basic data variables that are routinely collected by police Command and Control or crime recording systems were used. Our focus is on volume crime as these incidents make up the bulk of police work and are more sensitive of discretional CSI attendance.

2

Data Used Northamptonshire Police record all of their crime into an ORACLE based relational database which was written and developed in-house. The Scientific Support Department use the Trak-X computer system to record and manage all scientific support functions. Trak-X was designed in-house and developed by an external software supplier. Crime and forensic data between 1st January 2000 and 19th July 2005 was used for this study. The data sets were merged to produce 28,490 individual records relating to volume crime scenes; burglary dwelling, burglary in commercial buildings, theft of and theft from motor vehicles. These four offence types were chosen for a number of reasons as they: •

Offer potential to examine a large number of crime scenes for forensic material.

•

Are key offences for most police forces and also the UK Home Office (Home Office 2004)

•

Are typically ‘recidivist’ offences.

From February 2004, all commercial and dwelling burglaries and all theft of motor vehicle offences that were notified to a CSI received a visit and scene examination for forensic evidence. This attendance policy was intended to exclude any artificial ‘screening’ of offences prior to a visit by a CSI. However, data prior to this time had already been screened to ascertain the value of a forensic examination. This screening also applied to all theft from motor vehicle offences in the above period. There is approximately a fifty percent split regarding those scenes where forensic evidence (fingerprints, DNA and footwear marks) have been recovered and those where nothing has been recovered. In order for this system to be used by different police forces it was important to use data variables that would be generally available at the time of despatching the CSI to the crime scene. These variables would be generated from the original Command and Control incident report or the crime recording system. For this study the following variables were used in modelling:Dependant variable was ForensicCollected The variables below were independent:•

Sub Division

•

Beat

•

Sub Beat

•

500 meter Ordnance Survey grid reference block

•

Offence 3

•

Month of crime

Two supervised learning algorithms were used to model the data; classification neural network (Swingler, 1996) and Naïve Bayes (Duda & Hart, 1973; Langley & Sage 1994). Supervised learning techniques are used in the generic areas of prediction, forecasting, categorisation and classification problems. The model learns from a set of known data and is subsequently tested on a set of data that has not yet been submitted to the model. The output from these techniques is a confidence level (probability) between zero and one, the closer to one is an indication of how good the classification process has been. A wide variety of practical application areas use this technique some of which are medical, utilities, leisure, pattern recognition and robotics.

Methodology Data mining encompasses a range of techniques each designed to interpret data to provide additional information to assist in its understanding. This reveals insights into a range of functions in an organisation which can assist in the areas of decision support, prediction, resource handling, forecasting and estimation. The techniques trawl systems which often contain voluminous amounts of data items which has limited value and difficult to examine in its original format, finding hidden information producing benefits to the organisation. Data mining embraces a range of techniques such as neural networks, statistics, rule induction, data visualisation etc., examining data within current computer systems with a view to identifying operational issues by uncovering useful, previously unknown information. Today computers are pervasive in all areas of organisational activities which has enabled the recording of all workplace operations making it possible not only to deal with record keeping and information for performance management but also, via the analysis of those operations, to improve operational performance. This has led to the development of the area of computing known as Data Mining (Adriaans & Zantinge, 1996). The majority of organisations record and store large amounts of data in a variety of databases and often there is restricted access to these data. In order to glean information, a user would ask a specific range of questions, for example; who is the most prolific offender? The ironic reality of the information age is that we are overwhelmed with information. Pertinent research questions are not articulated because the task of comprehending the full dimensions of an information system is too large to sensibly work through the myriad of possibilities. Data mining can provide methods to identify the questions to be asked in order to gain a greater understanding of the data and analytical processes (Meltzer, 2004). By applying the techniques identified above, organisations have utilised their data relating to tasks such as identifying customers’ purchasing behaviour, financial trends, anticipate aspects of demand, reduce and detect fraud etc. For example, by employing

4

such techniques J Sainsbury (“Mine all Mine”, 1996) is said to have saved £500,000 a year by analysing patterns of shoplifting within its stores. Although the practice of mining data has been performed for a number of years the term data mining has only recently received credibility within the business community. The Gartner Group analysts’ (SAS, 2000) estimate that within targeted marketing, the number of companies using data mining will increase from the current level of five percent to eighty percent within 10 years. Currently, little use has been made of data mining techniques within policing, the majority of police computer systems do not utilise such technology. Early attempts to introduce data mining concentrated on visualisation techniques and expert systems (Canter & House, 1996; Haughton, 1993) with varying degrees of success but have never transferred into main stream policing. There is, however, great scope for these techniques to be used (McCue el al, 2002; Mena, 2003). CRISP-DM

The CRoss Industry Standard Process for Data Mining (CRISP-DM) illustrated below) has been the data mining cyclic methodology used within the Northamptonshire Police project as it was designed by a consortium of businesses to be used with any data mining tool and within all business areas (Chapman et al, 2000). It is also reported to be the most widely used methodology (Giraud-Carrier & Povel, 2003) and is recommended for use in crime prevention and detection (Mena 2003). We deal below with each of the phases of the CRISP-DM. In general terms the data mining modelling cycle involves a number of stages. Initially, it is important to have a clear understanding of the business domain in order to understand the operational analytical processes (Thomsen, 1998), the problems that are to be surmounted, the opportunities that may be realised and to assess the availability of data. Exploring and preparing the data, although time consuming (Sherman, 2005), is a crucial stage in the cycle. New fields may be derived from one or more existing fields, missing and boundary values identified and processed, relationships between fields and records identified form some of the pre-processing tasks that assist in cleaning the data prior to the mining process. Once data has been prepared for mining, the modelling stage can begin. Choosing and developing models involve domain knowledge (Brachman & Anand, 1996; Chen et.al., 2004), the results of which are validated against known or expected results and either deployed or refined. This is an iterative process as the results produced by the techniques alone may not provide the desired business advantage.

5

Figure 1. CRISP-DM modelling Cycle Business Understanding This initial phase focuses on understanding the project objectives and requirements and then converting this knowledge into a data mining problem definition with a preliminary plan designed to achieve the objectives. At this stage the links across various aspects of the project will be refined. Data Understanding The data understanding phase starts with an initial data collection and proceeds with activities in order to get familiar with the data, to identify data quality problems, to discover first insights into the data, or to detect interesting subsets to form hypotheses for hidden information. Coded subsets from qualitative and observational aspects of the project may be included from this point onward. Data Preparation The data preparation phase covers all activities to construct the final dataset (data that will be fed into the modelling tool(s)) from the initial raw data. Data preparation tasks are likely to be performed multiple times, and not in any prescribed order. Tasks include table, record, and attribute selection as well as transformation and cleaning of data for modelling tools. Modelling In this phase, various modelling techniques are selected and applied, and their parameters are calibrated to optimal values. Typically, there are several techniques for the same data mining problem type. Some techniques have specific requirements on

6

the form of data. Therefore, stepping back to the data preparation phase is often needed. Evaluation At this stage in the project a model (or models) has been built that appears to have high quality, from a data analysis perspective. Before proceeding to final deployment of the model, it is important it is thoroughly evaluated, the construction steps are reviewed and to be certain it properly achieves the business objectives. A key objective is to determine if there is some important business issue that has not been sufficiently considered. At the end of this phase, a decision on the use of the data mining results should be reached. Deployment Creation of the model is generally not the end of the project. Even if the purpose of the model is to increase knowledge of the data, the knowledge gained will need to be organised and presented in a way that an organisation can use. Depending on the requirements, the deployment phase can be as simple as generating a report or as complex as implementing a repeatable data mining process. Insightful Miner This work was undertaken using the commercially available data mining workbench software tool, Insightful Miner. This tool uses a graphical user interface to retrieve, manipulate, model and present data. This is accomplished by placing nodes onto a worksheet to build the required business process and passing the data through that process. The Insightful Miner neural network algorithm has four variations, Conjugate Gradient, Resilient Propagation, Quick Propagation and Delta-Bar-Delta. They vary in the way in which the learning rate, decay and momentum parameters are established and used. To ascertain whether these variations affect the modelling results the data was separated into 10 bins of randomly selected records of approximately equal sizes. Each bin has a fifty percent split of forensic data as described above in the Data section. The bins were used to conduct 10-fold cross validation modelling tests (Bishop, 1996; Quinlan, 1996). For example a model was created using bin one and then tested using bins two to ten, the results are averaged for the model, the next model was created using bin two and tested using bin one and bins three to ten etc. The results in Table 1 have confirmed that there is no significant difference between any of these modelling variations.

7

Figure 2. Insightful Miner Data Mining Workbench Tool Naive Bayes will “learn” from the data to give a probability reading for each new crime based upon the below formula:   P (1)  P(1, ForensicsObtained ) = P( SubDiv, OffenceSet , CrimeMonth | 1)  P( SubDiv, OffenceSet , CrimeMonth 

Results A problem was established when using the Naïve Bayes algorithm. If one of the variables in the testing set has not been encountered in the training set the equation equals zero and the model fails to provide a result. This occurred in the bins as grid reference blocks and Sub Beats were not evenly distributed across all of the bins. Therefore the Bayes modelling was conducted on a subset of the variables listed above and can be identified in the equation. This could cause practical difficulties should the geography of a Force change, for example Beats are recoded etc. Laplace estimators would eliminate this problem but the algorithm within Insightful Miner does not natively support this feature. The neural network classification algorithm does not suffer from this problem. 1

Q-Prop, 1 hidden layer, 10% test

8

2

3

4

5

6

7

8

9

10

11

Training

48.33%

Testing

48.23%

Q-Prop, 1 hidden layer, 50% test Training

49.00%

Testing

49.28%

Q-Prop, 1 hidden layer, 10% test, remove GridRefs Training

47.59%

Testing

47.77%

Q-Prop, 1 hidden layer, 50% test, remove GridRefs Training

45.90%

Testing

45.77%

R-Prop, 1 hidden layer, 10% test Training

47.84%

Testing

48.19%

R-Prop, 1 hidden layer, 50% test Training

45.86%

Testing

46.96%

R-Prop, 1 hidden layer, 10% test, remove GridRefs Training

48.33%

Testing

48.23%

R-Prop, 1 hidden layer, 50% test, remove GridRefs Training

45.90%

Testing

45.77%

DeltaBar, 1 hidden layer, 10% test Training

47.59%

Testing

47.77%

DeltaBar, 1 hidden layer, 50% test Training

41.64%

Testing

42.96%

DeltaBar, 1 hidden layer, 10% test, Remove GridRefs Did not work

12

NaiveBayes

9

Training

46.08%

Testing

66.53%

Table 1. Results of 10-Fold Cross Validation Table 1 shows the results of twelve different tests all completed using the 10-fold cross validation technique described above. Although training and testing sets were established, internally, the classification neural network algorithm separates the training data into its own training and testing sets. The user can configure the separation percentage. The tests were also conducted with/without Ordnance Survey grid reference blocks. The above table identifies that the Bayes algorithm performed better than the neural network classifier using 10-fold cross validation. However due to the equation issue above and previous modelling using police data (Adderley & Musgrove, 2003; Adderley, 2003) further testing was conducted. To ensure a larger data set was available for training, bins one to seven were combined to create a large training set and bins eight to ten were each used to test the model. The Quick Propagation variation and the Naïve Bayes were taken to this next phase of testing. The results from the testing bins were averages and the accuracy reported by the Quick Propagation model was recorded as 66.53 percent and the Naïve Bayes accuracy was 69.16 percent. To try an improve the accuracy, additional variables were used in two further sets of data, temporal and modus operandi (MO) each of which were used in conjunction with the basic variable set described above. The additional temporal variables were:•

Overnight: A flag field containing 1 to represent whether the crime occurred between 2200 hours on day one and 0700 hours on day two and containing a 0 if not.

•

Known day: A categorical field containing the day of the week on which the crime occurred if it could be ascertained and left blank if not.

•

Weekend: A flag field containing 1 to represent whether the crime occurred between 1800 hours on a Friday and 0900 hours on a Monday and containing a 0 if not.

The additional MO variables were:•

Location of entry: A categorical field identifying where entry was gained. For example; FRONT, REAR, SIDE etc., the field is blank if unknown.

•

Point of entry: A categorical field identifying the point of entry. For example; DOOR, WINDOW, PATIO DOOR etc., the field is blank if unknown.

10

•

Method of entry: A categorical field detailing how entry was gained. For Example; UNKNOWN INSTRUMENT, SHARP INSTRUMENT, BODILY PRESSURE etc., the field is blank if unknown.

Table 2 below illustrates the accuracy of using the different combinations of variables. The addition of MO variables has the greatest impact on the modelling. However, only the data set containing the basic geographical variables can be guaranteed to be available in every UK police force at the time of despatching CSIs to crime scenes. Basic Vars

Basic + Temporal Vars

Basic + MO Vars

Bayes

68.59%

69.20%

74.5%

Q-Prop

63.59%

64.01%

69.5%

Table 2. Data Set Results The result of the model is a list of crimes that has a probability associated with each one as to the likelihood of recovering a forensic sample at the scene. Table 3 below is an example of such a list. Crime Ref

Sub Div

Offence Set

Crime Month

Forensic Collected

Probability

Predict class

NN/24163/03

NN

BDwell

DEC

1

0.82

1

NC/2835/05

NC

BDwell

MAY

1

0.68

1

NN/7587/02

NN

BOther

JUN

0

0.67

1

NN/16787/02

NN

TOMV

OCT

1

0.62

1

NN/12133/04

NN

TOMV

JUL

1

0.62

1

NC/1757/01

NC

TOMV

MAY

0

0.49

0

NC/14454/02

NC

TOMV

NOV

0

0.37

0

NN/31877/03

NN

BOther

MAR

0

0.20

0

NW/14184/05

NW

TFMV

FEB

0

0.16

0

ND/6657/00

ND

TFMV

JAN

0

0.16

0

Table 3. Priority Attendance List Table 3 illustrates the results of the modelling process by listing a random set of ten crime scenes from one of the testing sets. The “Forensics Collected” column shows the actual results of attend the crime scene; 1 = Forensic sample recovered; 0 = No forensic recovery. The “Probability” column is the model’s priority rating for scene attendance. The higher the percentage the more likely a forensic sample will be recovered from the scene. The “Predict class” column is the model’s prediction as to whether a forensic sample is likely to be recovered. 1 = Forensic sample recovered; 0 = No forensic recovery. In the example above, crime scene reference NN/7587/02 did not produce a forensic recovery however the model predicted that there would be a recovery. Therefore, in this instance, the model was inaccurate. For this set of ten crimes the model agreed 11

with the actual results in ninety percent of the crime scenes. Overall, however, the model’s accuracy is about sixty-eight percent. The data displayed in Table 3 can be varied to suit the requirement of the Force from displaying only minimal information to displaying full crime scene and location information. Gwent Police

In order to ascertain the external validity and portability of the results presented here, Gwent Police Forensic Science Department agreed to participate in this study. Their data is recorded in the Socrates computer system which is used in a number of UK police forces to record and manage forensic data. Their detection data is recorded in a Microsoft Excel spreadsheet. Insightful Miner was used to manipulate and model the data. Due to the recent implementation of Socrates within the Force the data used in this part of the study was between 1st January 2005 and 12th March 2006. This resulted in 6,750 crime scenes visited by CSIs. There was a total of 17,296 recorded burglary dwelling, burglary other building, theft of and theft from motor vehicle offences (volume crime) during the same time period. The forensic and crime scene data was merged resulting in a data set containing 11,800 records with an approximate fifty percent split regarding those scenes where forensic evidence has been recovered and those where nothing has been recovered. The variables used for both the Bayes and Quick Propagation were:Dependant variable was ForensicsCollected The variables below were independent:•

Post Code Sector

•

Beat

•

500 meter Ordnance Survey grid reference block

•

Offence

•

Month of crime

This data was also separated into ten bins of approximately equal sizes, bins one to seven were combined into a data set used for training and bins eight to ten each used for testing. Both the Bayes and Quick Propagation network algorithms were used. The accuracy reported by the Quick Propagation model was recorded as 81.79 percent and the Naïve Bayes accuracy was 88.84 percent. Model Benchmarking

Although the models produce a percentage accuracy reading it is not clear whether this is acceptable. A question could be asked, “Are CSIs as good or better than the 12

computer models?” To answer this question Every Northamptonshire Police CSI was given a list of 50 randomly selected crimes. The list contained the following variables:•

Sub Division

•

Beat

•

Sub Beat

•

Offence

•

Street

•

District

•

Town

They were asked to use their experience to suggest whether a forensic sample would be recovered from the crime scene based on the above information. There was a ranking used; 1 to 10, 1 being uncertain and 10 being certain. All 1 to 5 responses were encoded as NO and 6 to 10 as YES. The results of actual recovery for each scene were known but not available to the CSIs. The results of the questionnaires were averaged and the accuracy of human experts predicting forensic recovery was thirty-nine percent. Many of the CSIs explained that the crime scene data could not be properly assessed as there was insufficient information. A second set of data was prepared using a different randomly selected 50 crimes using the above variables plus those listed below relating to the modus operandi (MO):•

Location of entry

•

Point of entry

•

Method of entry

The results were calculated as above and the average accuracy of prediction rose to forty-one percent.

Conclusion The aim of this study was to ascertain whether a computer model could be used to aid the prioritisation of crime scene attendance by directing CSIs towards those scenes that could possibly yield the best forensic recovery. The results presented here suggest that neural network models can be trained using past known examples of crime scene attendance to predict which scenes will offer the best opportunity of recovering a forensic sample. The models performed better than their human expert counterparts, the CSIs.

13

A further aim of ensuring the portability of these techniques has also been realised. The initial business process models were trained and tested using data from a bespoke computer system written for Northamptonshire Police. These processes were tested using data from Gwent Police which was based on a widely used Forensic recording and management computer system, Socrates. The results were comparable. By using only the basic set of geographic variables the processes established in Northamptonshire were transferable to Gwent. It is important to state, however, the results should not be used in isolation. There are many other factors that should be taken into consideration when deploying CSIs. For example, vulnerability of victims, repeat victimisation, physical location of CSIs, Force policy. Further work to be considered is:1. To enhance the capabilities of the neural networks to predict which crime scenes that yield forensic samples subsequently lead to the identification of a named person. 2. Test the business process modelling using another Force’s data providing that Force uses the Lo-Card forensic management system. This is another widely used computer system within UK policing. 3. Consider the effect that screening offences for a forensic examination has on the accuracy of the model.

References Adderley, R. & Musgrove, P.B. (2003). Modus operandi modelling of group offending: a data mining case study. The International Journal of Police Science and Management 5 (4) 265-276. Adderley, R. (2003). The use of data mining techniques in active crime fighting, International conference on computer, communication and control technologies and the 9th international conference on information systems analysis and synthesis, 31 July – 3 August 2003. (Orlando): CCCT and ISAS, 356-361. Adriaans, P., & Zantinge, D. (1996). Data Mining, New York, Addison-Wesley. Association of Chief Police Officers & Forensic Science Service. (1996). Using Forensic Science Effectively. London: ACPO. Bishop, C. M., (1995). Neural Networks for Pattern Recognition, Oxford University Press, Oxford. Brachman, R., J., & Anand, T. (1996). The Process of Knowledge Discovery in Databases. In Advances in Knowledge Discovery and Data Mining, Usama M. Fayyad, et al., American Association for Artificial Intelligence, AAAI Press, California. 14

Canter, D. (Chair) & House, J. C. (1996). Towards a Practical Application of Offender Profiling: The RNC’s Criminal Suspect Prioritization System, Investigative Psychology Conference, Liverpool, UK. Chapman, P., Clinton, J., Kerber, R., Khabaza, T., Reinhertz, T., Shearer, C., Wirth, R. (2000). CRISP-DM 1.0 Step-by-step data mining guide, USA: SPSS Inc. CRISPWP-0800. Chen, H., Chung, W., Xu, J.J., Qin, G. W. Y., Chau, M. (2004). Crime data mining: a general framework and some examples. COMPUTER, 37(4) 50-56. Duda, R.O., & Hart, P.E. (1973). Pattern Analysis and Scene Analysis, New York; John Wiley. Giraud-Carrier, & C., Povel, O. (2003). Characterising data mining software. Journal of Intelligent Data Analysis. 7(3) 181-192. Her Majesty’s Inspectorate of Constabulary. (2000). Under the Microscope. London: ACPO. Her Majesty’s Inspectorate of Constabulary. (2002). Under the Microscope Refocused. London: ACPO. Haughton, E., (1993, January 20). Digging for Gold. Computing, 20th 20-21. Home Office (2004). National Policing Plan 2005-2008, Home Office, UK. Langley, P., & Sage, S. (1994). Induction of selective Bayesian classifiers, Proceedings 10th Conference on Uncertainty in Artificial Intelligence, Seattle, WA; Morgan Kaufmann 339-406. McCue, C., Stone, E. S., Gooch, T, P. (2002). Data mining and value-added analysis: more science, less fiction. FBI Law Enforcement Bulletin, November 2003. Meltzer, M. (2004). Using data mining on the road to successful BI, Part 1, Data Mining Direct Special Report, 21st September 2004. Retrieved May 2, 2005 from http://www.dmreview.com/editorial/newsletter_more.cfm?nl=bireport Mena, J. (2003). Investigative data mining for security and criminal detection. Burlington MA, Elsevier Science. Mine, all Mine. (1996, October 10).Computing Police Standards Unit. (2005). Forensic Performance Monitors, London: Home Office. Quinlan J, R,. (1996). Bagging, boosting, and C4.5. Proceedings 13th National Conference on Artificial Intelligence, August 4 - 8. Portland USA. SAS (2000), Data Mining Home Page, Retrieved on June 5, 2000 from http://www.sas.com/software/data_mining.

15

Sherman, R. (2005). Data integration advisor: set the stage with data preparation, DM Review, February 2005. Swingler, K. (1996). Applying NeuralNnetworks; A Practical Guide. San Francisco: Morgan Kaufman Thomsen, E. (1998, March). Presentation: Very Large Data Bases, Fourth Annual Very Large Database Summit, Beverly Hills, California. Tilley, N., & Ford, A. (1996). Forensic science and criminal investigation. (Crime Detection and Prevention Paper 73). London: Home Office. Williams, S. R. (2004). The Management of Crime Scene Examination in Relation to the Investigation of Burglary and Vehicle Crime. Home Office: London.

16