Applications Of Data Mining Technology In Computer Crime Forensics

With rapid development and wide application of Internet, the computer crime forensics becomes more and more serious and the caused loss also becomes bigger. In order to prevent computer crime by using of legal weapons, how to extract the evidence of computer crime becomes the primary problem, and the research of computer crime forensics was born at the right moment. At present, domestic and foreign experts and scholars are studying the problem of computer crime forensics, but all are limited to keyword search, pattern matching, and file attribute analysis techniques. These techniques are lack of massive data processing capacity; require significant human intervention in forensics, and cannot possible to predict the potential computer crime; lack of mining computer evidence and crime patterns capabilities among the hidden information. Data mining technology has powerful data processing capabilities; reduce human intervention and has the advantages of automation and intelligence; has descriptive and predictive functions. According to disadvantages of current forensics tool, combined with advantages of data mining technology in data processing, more and more experts and scholars begin to study how to apply the data mining technology to the field of computer crime forensics.First, in order to mine the relevant evidence of computer crime from the mass of data and association rules among data items, and further mine crime laws, trends and connections among different crimes, according to the special requirements of computer crime, it proposes two improved algorithms to special requirements of computer crime based on FP-Growth algorithm. One algorithm improves FP-Growth algorithm on the generation method of the frequency 1-set and the sensitivity of the new crime. The other improves FP-Growth algorithm on regarding different nature of crime record as different weight, so that the different nature of the criminal record has a different importance, greatly improves these records'the possibility of generating association rules. Theoretic analysis and experimental results demonstrate that the improved algorithms are more suitable for computer crime forensics field.Second, in order to better classify criminal behavior and generate knowledge of crime, according to the versatility of ID3 algorithm and the uniqueness of forensic data, it puts some improvements of ID3 algorithm in terms of information gain to make it more suitable for computer crime forensics field data, and theoretic analysis and experimental results demonstrate that the improved algorithm is effective.