
The Design And Implementation Of Electronic Information Mining And Analysis System Based On The Windows Platform

Posted on: 2010-08-07 | Degree: Master | Type: Thesis
Country: China | Candidate: J H Pan | Full Text: PDF
GTID: 2178360275994480 | Subject: Systems Engineering
Abstract/Summary:
With the rapid development of electronic storage technology, the disk has become the main information storage medium, and for computer forensics, electronic information is the most important object of examination. At present, software for electronic data mining and analysis is limited. Overseas software started early and has more powerful functions, but it does not take China's national conditions into account and ignores many commonly used programs from which information can be obtained. Related software in China started late, still has many deficiencies, and its functions remain to be perfected. Electronic information mining and analysis technology has increasingly become a focus and hotspot of forensic research.

First, this paper focuses on a variety of technologies related to user traces. The registry contains the most important and richest user information, so it is the focus of the study. The paper researches in depth the binary structure of registry files, analyzing registry keys, key values, data, and other structural information, which lays the foundation for the registry-related functions. It studies the formats of the Windows event log files (*.evt) and the Internet record files (index.dat) and parses the relevant record information. It studies Recycle Bin deletion information technology, focusing on the format of the key file info2. It also studies information mining in unallocated space and file slack for the related functions.

Next, the paper studies in depth instant messaging tools such as QQ and Skype in order to provide a theoretical foundation. After obtaining the communication data, it makes an initial study of communication object relations and expands a variety of relations, and can then obtain chains of relations that AN6 cannot deal with.
Then the paper studies other key technologies, including file analysis technology, dynamic forensics technology, and keyword encoding and search technology. The overall goal of the system, its running environment, functional requirements, design details, and other features are then described. Finally, the paper summarizes the system development and, based on its shortcomings, proposes the next steps of work.

The system discussed in the paper has rich features and is more integrated and automated. It is suitable for use by personnel at all levels. The system should therefore play an active role in the development of computer forensics in our country and has some value for wider adoption.
Keywords/Search Tags: User Trace, Registry, Event Log, Recycle Bin Delete Information, Instant Messaging, Communication Object Relation, Keyword Encode And Decode