| Along with the rapid development of information network, E-mail, as an important and quick means of communication, has been deeply into people's daily work and life. The rich personal information contained inside is significant for investigation and evidence collection, providing important clues to handle cases. E-mail clients offer a friendly user interface, generally favored by netizens. The mail data files preserved become an important target of computer forensics, from which we can mine out and analyze the useable clues.The Email Investigation & Analysis System mentioned in this paper is mainly for Microsoft Outlook and Outlook Express, which are two commonly used e-mail clients. Through parsing of data files kept by mail-client, that is, extract the address, subject, date, mail-content and attachment of related mails from the Pst and Dbx format compound documents, then make statistic and classification according to sender-address or receiver-address. Using social networking analysis, visualization, and other technique to draw mail time-line layout and network layout, we can discover the hidden internal relation network between senders and receivers, and get powerful evidence for cases investigation.This paper described the significance of e-mail survey firstly. Then, introduced in detail the key technologies of the system development: Dbx mail file parsing based on COM technology; Pst mail file parsing based on OLE Automation technology; database access technology used in the system; basic theory of graph drawing and Automating layout algorithm based on GA (Genetic Algorithm). The overall goal of the system, running environment, functional requirements, as well as designing details and other features are also described then. Finally, summarize the system development and on the lack propose the next step to make efforts.The system discussed in the paper has gone through repeated testing and perfecting. At the moment it is in good performance, operation stability and achieves the objectives of the system development. So the system will have some active action for the development of computer forensics in our country, and has some value to spread. |
PDF Full Text Request