Analysis Mode Of Electronic Evidence Based On Data Mining

With the rapid development of computer forensics technology, management systems haveaccumulated a large amount of electronic evidence. Before the online analytical, simple statisticsand correlation analysis technology have been unable to meet the needs of public security personnel.To obtain hidden knowledge from these complex and chaotic evidences, this thesis presents ananalysis model of electronic evidence based on data mining.The main point of this thesis is to study methods of data mining association rules applying to theanalysis of electronic evidence, analysis improvements lack of the existing association rule miningalgorithms. Besides, in order to meet this system better, this thesis proposes new algorithms.In this thesis, the author proposes and proves improved FP-Growth algorithm called ISPO-treeby a single scan for incremental mining and supporting minor modifications. Then he proposessimilar frequent mining algorithm called DC-STree by making similar rules for unequal propertyvalues. This thesis presents pseudo-codes and analysis examples of electronic evidence for twoalgorithms. The examples verify the effective of them by analysis of electronic evidences.In addition, the author adds a preprocessing mode of electronic evidence to clean, concept layeras well as extract. Then the author proposes and proves the algorithm named frequent criminalactivity circle based on criminal location to improve the problem that the criminal locations areheterozygous and chaos so that it affects the mining goal. the author design a framework andworkflow of the entire system. The model consists of three parts: pre-processing of electronicevidence, frequent pattern mining of electronic evidence, similar frequent pattern mining ofelectronic evidence. In this thesis, diagrams given show the features of the system. Besides, the testresults given contrast with previous similar studies by the methods in this thesis and gives theexplanation.All in all, from the theoretical analysis to the experimental results, the association rulealgorithms are available and effective in this thesis. This thesis provides new ideas for data miningtechnology in the field of electronic evidence analysis applications and expands the using of thistechnology.