E-mail Fragment Carving Model and Algorithm Based on Set Theory

doi:10.3969/j.issn.1000-3428.2014.05.066

Computer Engineering

E-mail Fragment Carving Model and Algorithm Based on Set Theory

LI Bing-long^a,b, ZHANG Chuan-fu^c, HAN Zong-da ^a,b, WANG Qing-xian ^a,b

(a. Fourth Institute; b. State Key Laboratory of Mathematical Engineering and Advanced Computing; c. Third Institute, PLA Information Engineering University, Zhengzhou 450004, China)

Received:2013-01-22 Online:2014-05-15 Published:2014-05-14

基于集合论的E-mail碎片雕刻模型及算法

李炳龙^a,b，张传富^c，韩宗达^a,b，王清贤^a,b

(解放军信息工程大学，a. 四院；b. 数学工程与先进计算国家重点实验室；c. 三院，郑州 450004)

作者简介:李炳龙(1974－)，男，副教授、CCF会员，主研方向：数字犯罪取证调查，信息系统容灾；张传富，讲师；韩宗达，硕士研究生；王清贤，教授、博士生导师。
基金资助:
国家自然科学基金资助项目(60903220)；郑州市科技攻关计划基金资助项目“基于内存及存储介质的网络取证调查系统”。

Abstract

Abstract: To acquire fragment E-mail evidence from storage medium, this paper analyzes the E-mail fragment file carving problem on the base of the set partition theory, determines the fragment file carving thought. According to the model, it designs E-mail fragment file carving algorithm model including preprocessing, E-mail file fragment subset determination, connected relation determination between E-mail fragments. By using hexadecimal editor, it expounds internal structure features of E-mail file, combined with the characteristics of fragment mail head and tail and embedded html files, discusses the fragment attributes in storage medium, and gives the adjacent rules among concentration characteristics, follow characteristics, linear properties and information characteristics from the fragments. Experimental results show that the algorithm can acquire E-mail evidence more effectively.

Key words: E-mail file carving, digital crime investigation, fragment subset, characteristic identifier, compound file type, fragment adjacent rule

摘要： 为获取存储介质中的碎片E-mail证据，利用集合论原理对邮件碎片文件雕刻问题进行分析，确定基于集合论划分思想的碎片文件雕刻思路。设计包含预处理、E-mail文件碎片子集确定、E-mail碎片间的连接关系确定等过程的邮件碎片文件雕刻算法模型。利用十六进制编辑器，阐述E-mail文件的内部结构特征，结合碎片邮件头尾和内嵌的html文件特征，论述存储介质上碎片的属性，给出碎片间的集中特性、跟随特性、线性特性以及信息特性的连接规则。实验结果表明，碎片邮件文件雕刻算法能更有效地获取邮件证据。

关键词: E-mail文件雕刻, 数字犯罪调查, 碎片子集, 特征标, 复合文件类型, 碎片连接规则

CLC Number:

TP301.6

LI Bing-long, ZHANG Chuan-fu, HAN Zong-da, WANG Qing-xian. E-mail Fragment Carving Model and Algorithm Based on Set Theory[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2014.05.066.

李炳龙，张传富，韩宗达，王清贤. 基于集合论的E-mail碎片雕刻模型及算法[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2014.05.066.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.3969/j.issn.1000-3428.2014.05.066

http://www.ecice06.com/EN/Y2014/V40/I5/317

References

参考文献 [1] Haggerty J, Karran A, Lamb D. A Framework for the Forensic Investigation of Unstructured Email Relationship Data[J]. International Journal of Digital Crime and Forensics, 2011, 3(3): 1-18. [2] Lin Hanhe. Predicting Sensitive Relationships from Email Corpus[C]//Proc. of the 4th International Conference on Genetic and Evolutionary Computing. [S. l.]: IEEE Press, 2010: 264-267. [3] Gupta G, Mazumdar C, Rao M S. Digital Forensic Analysis of E-mails: A Trusted E-mail Protocol[J]. International Journal of Digital Evidence, 2004, 2(4): 1-14. [4] Iqbal F, Binsalleeh H, Fung B, et al. Mining Write Prints from Anonymous E-mails for Forensic Investigation[J]. Digital Investigation, 2010, 3(2): 1-9. [5] Banday M T. Analysing E-mail Headers for Forensic Investi- gation[J]. Journal of Digital Forensics, Security and Law, 2011, 6(2): 49-64. [6] Fellows G H. The Joys of Complexity and the Deleted File[J]. International Journal of Digital Forensics & Incident Response, 2005, 2(2): 89-93. [7] Carrier B. File System Forensic Analysis[M]. [S. l.]: Addison Wesley, 2005. [8] Cohen M. Advanced Carving Techniques[J]. International Journal of Digital Forensics & Incident Response, 2007, 4(3/4): 119-128. [9] Garfinkel S L. Carving Contiguous and Fragmented Files with Fast Object Validation[J]. International Journal of Digital Forensics & Incident Response, 2007, 4(9): 2-12. [10] Wei Yingjie, Zheng Ning, Xu Ming. An Automatic Carving Method for RAR File Based on Content and Structure[C]// Proc. of the 2nd International Conference on Information Technology and Computer Science. [S. l.]: IEEE Press, 2010: 68-72. [11] Yoo B, Park J, Lim S, et al. A Study on Multimedia File Carving Method[J]. Multimedia Tools and Applications, 2012, 61(1): 243-261. [12] Conti G, Bratus S, Shubina A, et al. Automated Mapping of Large Binary Objects Using Primitive Fragment Type Classification[J]. International Journal of Digital Forensics & Incident Response, 2010, 7(8): 3-12. [13] 张鹏, 陈焘, 刘宏伟, 等. 基于身份密码的安全电子邮件系统[J]. 计算机工程, 2009, 35(6): 194-196. [14] 梁力, 严建伟, 聂影. 基于源地址约束的垃圾邮件过滤模型[J]. 西安交通大学学报, 2005, 39(4): 376-379. [15] Tomar D S, Malviya O, Verma R. Analysis Framework for Quality Measurement of Carving Techniques[C]//Proc. of National Conference on Emerging Trends in Computing and Communication. Hamirpur, India: [s. n.], 2008: 421-426. [16] Garfinkel S, Paul F, Vassil R, et al. Bringing Science to Digital Forensics with Standardized Forensic Corpora[J]. International Journal of Digital Forensics & Incident Response, 2009, 6(9): 2-11. 编辑顾逸斐

Please choose a citation manager

Content to export

E-mail Fragment Carving Model and Algorithm Based on Set Theory

基于集合论的E-mail碎片雕刻模型及算法

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

[1]	WANG Shuai, YANG Hengxin, YANG Hua. Tree Anti-Collision Algorithm Based on Pseudo ID Code [J]. Computer Engineering, 2020, 46(4): 177-182.
[2]	LI Guohe, YANG Shaowei, WU Weijiang, ZHENG Yifeng. Clustering-based Missing Value Filling Method for Continuous Data [J]. Computer Engineering, 2019, 45(9): 32-39.
[3]	HUANG Wenming, WEI Wancheng, ZHANG Jian, DENG Zhenrong. Recommendation Method Based on Attention Mechanism and Review Text Deep Model [J]. Computer Engineering, 2019, 45(9): 176-182.
[4]	YANG Chen, LIANG Yiwen, TAN Chengyu, ZHOU Wen. Optimized Dendritic Cell Algorithm Combined with XGBoost [J]. Computer Engineering, 2019, 45(9): 194-197,203.
[5]	ZHUANG Lichun, ZHANG Zhengjun, ZHANG Naijin, LI Jundi. Improved UDEED Algorithm Based on Nonlinear Logistic Model [J]. Computer Engineering, 2019, 45(7): 208-211.
[6]	CUI Liqun,GUO Xiangzhuo,GUO Jun,HUANG Diwen. Overload control strategy for sporadic real-time system [J]. Computer Engineering, 2019, 45(6): 108-114.
[7]	WANG Simeng,CAO Jia. Community structure detection algorithm for heterogeneous edge network [J]. Computer Engineering, 2019, 45(6): 140-145.
[8]	MAO Delei,TANG Yan. Collaborative filtering algorithm based on attribution theory for user preference extraction [J]. Computer Engineering, 2019, 45(6): 225-229,236.
[9]	HU Hengming,LIU Weiyue. Research of Polar Codes Based on Binary Symmetric Channel [J]. Computer Engineering, 2019, 45(4): 78-81.
[10]	WANG Jing,YANG Dan. Sparse Non-negative Matrix Factorization Algorithm Based on Proximal Alternating Linearized Minimization [J]. Computer Engineering, 2019, 45(2): 220-225,232.
[11]	CHEN Yaowang,YAN Wei,YU Dongjin,XU Kaihui,XIA Yi,YANG Wei. Personalized Internet Bar Game Recommendation Based on Deep Learning [J]. Computer Engineering, 2019, 45(1): 206-209,216.
[12]	WU Ruliang,WANG Zilei,XI Hongsheng. A DASH Client Optimization Algorithm Based on Multiple Servers [J]. Computer Engineering, 2018, 44(11): 306-312.
[13]	LIU Zhengming,MA Hong,LIU Shuxin,YANG Yizhuo,LI Xing. A Network Representation Learning Algorithm Fusing with Textual Attribute Information of Nodes [J]. Computer Engineering, 2018, 44(11): 165-171.
[14]	WANG Wei,XU Lingze,ZHOU Yuning,PAN Peng. Transceiver Design Based on Nonlinear Precoding in MIMO Interference Channel [J]. Computer Engineering, 2018, 44(10): 136-140.
[15]	MAO Yimin,WANG Jiawei,LU Xinrong. Uncertain EFCM-ID Clustering Algorithm Based on General Distributed Interval Number [J]. Computer Engineering, 2018, 44(10): 175-181,189.

模态框（Modal）标题

Please choose a citation manager

Content to export

E-mail Fragment Carving Model and Algorithm Based on Set Theory

基于集合论的E-mail碎片雕刻模型及算法

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments