| The development of technologies of computer and Internet brings us a great convenience. However, everything has two sides, it also brings us unexpected negative impact. New types of crimes that are both aided by computer and aimed at computer are rising up. Computer crime has become an urgent problem for police and law enforcement agencies throughout the world. In this circumstance, digital forensics is emerging. Usually, the amount of original data, which is collected from so many sources and in different file formats, is massive. So, effective methods are needed to solve these numerous electronic data. Data mining is the very effective method. It can extract interest information from numerous electronic data.A digital forensic model is designed, according to the research of digital forensics at home and abroad, and the procedure of digital forensics. Data minging is applied in the data analysis of the model. The sparks of this model are follows: The model, which is designed in light of the procedure of digital forensics, is integrated. It is not only adapted to single computer forensics and network forensics but also adapted to the forensics on attacking or after attacking. Combined with the concrete need, different analysis techniques are adopted. The model includes three parts that are collection module, analysis module and presentation module. And all modules' function is detailed. In this paper, data is analyzed by data mining technique in the analysis module. The application of data mining is elaborated in intrusion detection, confirmation of offenders and analysis of audit data based on a hypothesis of security case. The feasibility of this model and the viable of data mining in digital forensics are fully demonstrated by simulating with Analyzer2.1 and iDA instruments. |
PDF Full Text Request