| Today, technologies of computer and Internet are revolutionizing our life, making quicker advancement and more convenience possible. However, they also bring unexpected negative impact, say, increasingly rampant computer crime, which is aimed at computer or aided by computer via Internet. Computer crime not only infracts privacy and rights of individual and enterprise, also greatly undermines social development and stability. It has becomes an urgent problem for law enforcement agencies throughout the world. In this context, computer forensics, as a cross subject of computer and law, is emerging.The steps of computer forensic include validating data from crime scene, preserving as much of data in its original form, then analyzing digital evidence and bringing forth the results of analysis in courtroom. Analyzing digital evidence is the most important step to rebuild process and obtain trails of computer crime. Usually, the amount of original evidence data, which is collected from so many sources and in different file formats, is massive. So, a key problem in the field of computer forensics, which needs to be solved, is how to analyze the evidence in effective methods and obtain the useful information to aid the investigation.This paper discuss the procedure and steps of analyzing massive digital evidence using data mining techniques, and introduce some methods of data mining, such as relative rule mining, pattern of frequent sequence mining and outlier detection. But these methods cannot be used to analyze digital evidence directly. So, relative improvements of basic algorithms and methods of pattern analysis are put forward in this paper, and experiment is performed to prove the feasibility. According to these discussions, a scheme to design and implement prototype of computer log forensic system based on data mining techniques is put forward.
|
PDF Full Text Request