Today’s digital word technologies information in computer world, there is extremely large increase in crime like money laundering, unauthorized access, ethical hacking, fraud detection in different domain etc. So, investigation of such cases deserve a lot more important, in this forensic investigation computer devices plays a major role. In Digital forensic analysis seized digital devices can provide precious information and evidences about facts and/or individuals on which the investigational activity is performed. In this paper we proposed document clustering algorithms to digital forensic analysis of computers seized devices in police investigations. In the Digital forensic analysis of investigation, used total six famous partition (k-means, k-medoids and CSPA) algorithm and hierarchical (Single Link, Complete Link and Average Link) document clustering algorithms are used. This is applied datasets for five real-world investigation cases conducted by the Brazilian Federal Police Department. Also two validity index are used to find out how many clusters are formed. This experiments show that the Average Link and Complete Link algorithms provide the best results for the application domain. This reviews different existing text clustering and Document clustering multithreading methods is used with computer forensic analysis.

Digital Forensic Analysis, Document Clustering, Text Clustering,Multithreading

[1] Filipe daCruz, Nassif and Eduardo Raul Hruschka, “Document Clustering for Forensic Analysis: An Approach for Improving Computer Inspection” IEEE, Transactions on information forensics and security, VOL 8.No. 1, January 2013.
[2] A. K. Jain, R. C. Dupes, Algorithms for Clustering Data. Englewood Cliffs, NJ: Prentice-Hall, 1988.
[3] L. Kaufman, P. Rousseeuw, Finding Groups in Gata: An Introduction to Cluster Analysis. Hoboken, NJ: Wiley-Interscience, 1990.
[4] R. Xu, D. C.Wunsch, II, Clustering. Hoboken, NJ: Wiley/IEEE Press, 2009.
[5] A. Strehl and J. Ghosh, “Cluster ensembles: A knowledge reuse framework for combining multiple partitions,” J. Mach. Learning Res., vol. 3, pp. 583–617, 2002.
[6] B. K. L. Fei, J. H. P. Eloff, H. S. Venter, and. S. Oliver, “Exploring forensic data with self-organizing maps,” in Proc.IFIP Int. Conf. Digital Forensics, 2005, pp. 113–123.
[7] N. L. Beebe and J. G. Clark, “Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results,” Digital Investigation, Elsevier, vol. 4, no. 1, pp. 49–54, 2007.
[8] F. Iqbal, H. Binsalleeh, B. C. M. Fung, and M. Debbabi, “Mining write prints from anonymous e-mails for forensic investigation,” Digital Investigation, Elsevier, vol. 7, no. 1–2, pp. 56–64, 2010.
[9] R. Hadjidj, M. Debbabi, H. Lounis, F. Iqbal, A. Szporer, and D. Benredjem, “Towards an integrated e-mail forensic analysis framework, “Digital Investigation, Elsevier, vol. 5, no. 3–4, pp. 124–137, 2009.
[10] L. Liu, J. Kang, J. Yu, and Z. Wang, “A comparative study on unsupervised feature selection methods for text clustering,” in Proc. IEEE Int. Conf. Natural Language Processing and Knowledge Engineering, 2005, pp. 597–601.
[11] L. Vendramin, R. J. G. B. Campello, and E. R. Hruschka, “Relative clustering validity criteria: A comparative overview,” Statist. Anal. Data Mining, vol. 3, pp. 209–235, 2010.
[12] Jensen, J.H., Ellis, D., Christensen, M.G., Jensen, and S.H.: Evaluation distance measures between Gaussian mixture models of mfccs. Proc. Int. Conf. on Music Info. Retrieval ISMIR-07 Vienna, Austria pp. 107–108 (October, 2007)
[13] C. M. Bishop, Pattern Recognition and Machine Learning. New York: Springer-Verlag, 2006.