Computer Forensics Research Based On The Outlier Mining Technology To Construct Characteristic Value Model

With the rapid development of computer technology and the wide application of electronic equipment,crime which related computer equipment as tools and media increasingly diversified.With the acceleration of electronic evidence legalization,computer forensics arises at the historic moment.Computer forensics is a kind of multi-disciplinary comprehensive research combines computer science,law,criminal investigation science and so on.From computer forensics was put forward to today,in all areas of computer forensics experts and scholars made in-depth theoretical knowledge and technical methods of this research.On the one hand,many forensics tools has been developed,on the other hand many forensics model is put forward.Along with the further research,many research problems also appear gradually,because of computer science technology updates more quickly and more rich content.Therefore,in the process of problems involving computer technology has a certain complexity.In the face of the problems in the computer forensics involves data recovery technology,this paper devotes to the following work:1.Summarized the development of computer forensics technology,introduces the computer forensics technology research.First,introduces the related concepts of electronic evidence and computer forensics,secondly introduces the commonly used technology of computer forensics are analyzed in detail the partition structure of Windows and Linux operating system and file system,summarizes the characteristics of FAT,NTFS and Ext3 file system.On the basis of the different file system environment data recovery technology are introduced and obtain evidence of the application of strategy.2.Design a computer forensics model based on the constructing feature set.The model references to the disadvantages of traditional model in terms of obtaining evidence,joined by the abnormal module of the model.Model building feature set that evidence file characteristics can feedback to obtain evidence stage,the application of the data recovery technology helps to obtain evidence stage,thus forming a kind of self-learning system of evidence collection.3.On the basis of building of forensics model based on feature set,designed using the outlier mining technology to construct the feature set model.The basic idea of this method is that by using Pearson correlation coefficient formula and cosine similarity algorithm,to find out the similarity coefficient of files,then using the outlier mining techniques to find abnormal file.At the end of the paper,combining with experiment,determining several parameters in the algorithm and the algorithm are evaluated.