CN103729397A - Method for achieving electronic evidence data analysis based on time tracks - Google Patents
Method for achieving electronic evidence data analysis based on time tracks Download PDFInfo
- Publication number
- CN103729397A CN103729397A CN201310522675.8A CN201310522675A CN103729397A CN 103729397 A CN103729397 A CN 103729397A CN 201310522675 A CN201310522675 A CN 201310522675A CN 103729397 A CN103729397 A CN 103729397A
- Authority
- CN
- China
- Prior art keywords
- time
- electronic evidence
- data
- evidence data
- window
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Operations Research (AREA)
- Economics (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a method for achieving electronic evidence data analysis based on time tracks. The method includes the steps of extracting time characteristics of electronic evidence data, collecting and storing the electronic evidence data uniformly on the basis of the time characteristics, determining the window size of each time window on a time axis, carrying out filtering and clustering analysis on the electronic evidence data corresponding to each time window so as to extract key characteristics of the electronic evidence data, and substituting each time window on the time axis with the corresponding key characteristics and drawing the time axis again. According to the method for achieving electronic evidence data analysis based on the time tracks, the electronic evidence data can be further dug and analyzed more comprehensively on the basis of the time tracks and the time characteristics of the data, interference data on the time axis are greatly reduced, and accordingly forensic analysis staff can visually observe relevant rules and features of an event and obtain key information of electronic evidences more quickly; the method is easy and convenient to use and has a wider application range.
Description
Technical field
The present invention relates to data analysis field, relate in particular to electronic evidence data analysis field, specifically refer to a kind of method that realizes electronic evidence data analysis based on time locus.
Background technology
At present, intelligent mobile communication apparatus has been popularized and has been widely used in life, office and all kinds of real-time calculating field, intelligent mobile communication apparatus of today not only has traditional address list, SMS, also can provide the information such as task arrange, mail, file, position, these information can better reflect user's various information.
The current electronic evidence analysis method comparison for intelligent mobile communication equipment is single, fewer to the preprocessing process of data, conventionally address list, note, task arrange, mail etc. data is independently shown in the mode of list, as shown in Figure 1.And this electronic evidence analytical approach cannot be carried out degree of depth excavation to electronic evidence data, during forensics analysis, will cause the regularity of a lot of sensitivities, the omission of distinctive evidence data.
Summary of the invention
The object of the invention is to overcome the shortcoming of above-mentioned prior art, provide a kind of analysis that can realize based on time locus and data time feature electronic evidence data are carried out further and more all sidedly mining analysis, reduce that data on time shaft are disturbed, method application is easy, there is broader applications scope based on time locus, realize the method for electronic evidence data analysis.
To achieve these goals, the method that realizes electronic evidence data analysis based on time locus of the present invention has following formation:
Should based on time locus, realize the method for electronic evidence data analysis, its principal feature is that described method comprises the following steps:
(1) extract the temporal characteristics in described electronic evidence data;
(2) described electronic evidence data are gathered and unify storage based on temporal characteristics;
(3) determine the window size of time window on time shaft;
(4) the corresponding electronic evidence data of each time window are filtered with cluster analysis to extract key feature wherein;
(5) each time window on time shaft is replaced by corresponding key feature and redraws time shaft.
Preferably, described electronic evidence data comprise address list data, phone data, note data, task arrange data, mail data, file data and position data.
Preferably, described gathers described electronic evidence data and unifies storage based on temporal characteristics, comprise the following steps:
(21) described electronic evidence data are taked to unified data evidence obtaining form storage;
(22) described electronic evidence data are carried out to the extensive processing of data;
(23) will based on temporal characteristics, gather through the extensive electronic evidence data of data.
Preferably, the window size of time window on the described countershaft of timing really, comprises the following steps:
(31) length of window that original time window is set is 1 hour;
(32) time shaft is cut apart according to the length of window of time window;
(33) similarity within each time window of parallel computation judge that its similarity, whether lower than systemic presupposition similarity value, if so, continues step (34), otherwise continue step (35);
(34) adjust the window size of the time window of this time period, then continue step (32);
(35) determine the window size of time window on time shaft.
More preferably, described systemic presupposition similarity value is 0.6.
Preferably, described to the corresponding electronic evidence data of each time window filter and cluster analysis to extract key feature wherein, comprise the following steps:
(41) the corresponding electronic evidence data of each time window are carried out to filtration treatment;
(42) extract the text message in the corresponding electronic evidence data of each time window and extract the key feature in text message.
Adopted and based on time locus, realized the method for electronic evidence data analysis in this invention, can realize that analysis based on time locus and data time feature is carried out further electronic evidence data and mining analysis more all sidedly, greatly reduced the interfering data on time shaft, make forensics analysis personnel can observe intuitively related law and the feature of event, the Activity Show of more intuitively equipment possessor being at the appointed time engaged in scope out, obtain more quickly the key message of electronic evidence in each time period, method application is easy, there is range of application widely.
Accompanying drawing explanation
Fig. 1 is the schematic diagram of electronic evidence data analysis in prior art.
Fig. 2 is the process flow diagram of realizing the method for electronic evidence data analysis based on time locus of the present invention.
Fig. 3 is the process flow diagram of definite time window size of the present invention and key feature.
Fig. 4 is the electronic evidence data schematic diagram after calibration on time shaft in chronological order.
Fig. 5 is the schematic diagram of electronic evidence data analysis after joining day window of the present invention.
Embodiment
In order more clearly to describe technology contents of the present invention, below in conjunction with specific embodiment, conduct further description.
The major technique step of the method that realizes electronic evidence data analysis based on time locus of the present invention is as described below:
(1) electronic evidence is carried out to pre-service, extract implicit temporal characteristics in the electronic evidence data such as address list, note, task arrange, mail, file, position.
(2) take unified data evidence obtaining form, the evidence data unifications such as address list, note, phone are stored, and using time point as crucial analytical factor.All electronic evidences of collecting are carried out to data extensive, and gather based on temporal characteristics.
(3) conventionally because the electronic evidence of collecting has comprised a large amount of contents, if directly the electronic evidence of extensive mistake is calibrated on time shaft according to the sequencing of time, by the analysis result obtaining as Fig. 4.
As can see from Figure 4, the arrangement of all kinds of electronic evidences is than comparatively dense and mixed and disorderly, and forensics analysis personnel cannot be directly observe behavior and the feature of comparison rule in from the graph.
Therefore, the method for this method is introduced the concept of " time window ", and the data on time shaft are carried out to further feature extraction.Time window need to arrange a suitable window size.If time window arranges too small, can not embody the effect that interfering data is rejected, time window is excessive can filter out too much vaild evidence data.
The size adjustment of time window is carried out according to the flow process in Fig. 3.
(31) length of window that original time window is set is 1 hour;
(32) time shaft is cut apart according to the length of window of time window;
(33) similarity within each time window of parallel computation judge that its similarity, whether lower than systemic presupposition similarity value, if so, continues step (34), otherwise continue step (35);
(34) adjust the window size of the time window of this time period, then continue step (32);
(35) determine the window size of time window on time shaft.
(4), after having determined time window, just can filter and cluster the content in each time window.Cluster is mainly carry out Text Information Extraction and extract keyword according to the electronic evidence comprising in this time window.For example, in certain time window, according to incident duration and decimation in frequency, to the principal character of this time window, be " phone, Wang Jingjing, password ".
(5) finally each time window on time shaft is substituted with the key feature being drawn into, and redraw time shaft.
Adopted and based on time locus, realized the method for electronic evidence data analysis in this invention, can realize that analysis based on time locus and data time feature is carried out further electronic evidence data and mining analysis more all sidedly, greatly reduced the interfering data on time shaft, can make forensics analysis personnel can observe intuitively related law and the feature of event, the Activity Show of more intuitively equipment possessor being at the appointed time engaged in scope out, obtain more quickly the key message of electronic evidence in each time period, method application is easy, there is range of application widely.
In this instructions, the present invention is described with reference to its specific embodiment.But, still can make various modifications and conversion obviously and not deviate from the spirit and scope of the present invention.Therefore, instructions and accompanying drawing are regarded in an illustrative, rather than a restrictive.
Claims (6)
1. based on time locus, realize a method for electronic evidence data analysis, it is characterized in that, described method comprises the following steps:
(1) extract the temporal characteristics in described electronic evidence data;
(2) described electronic evidence data are gathered and unify storage based on temporal characteristics;
(3) determine the window size of time window on time shaft;
(4) the corresponding electronic evidence data of each time window are filtered with cluster analysis to extract key feature wherein;
(5) each time window on time shaft is replaced by corresponding key feature and redraws time shaft.
2. the method that realizes electronic evidence data analysis based on time locus according to claim 1, it is characterized in that, described electronic evidence data comprise address list data, phone data, note data, task arrange data, mail data, file data and position data.
3. the method that realizes electronic evidence data analysis based on time locus according to claim 1, is characterized in that, described gathers described electronic evidence data and unify storage based on temporal characteristics, comprise the following steps:
(21) described electronic evidence data are taked to unified data evidence obtaining form storage;
(22) described electronic evidence data are carried out to the extensive processing of data;
(23) will based on temporal characteristics, gather through the extensive electronic evidence data of data.
4. the method that realizes electronic evidence data analysis based on time locus according to claim 1, is characterized in that, the window size of time window on the described countershaft of timing really, comprises the following steps:
(31) length of window that original time window is set is 1 hour;
(32) time shaft is cut apart according to the length of window of time window;
(33) similarity within each time window of parallel computation judge that its similarity, whether lower than systemic presupposition similarity value, if so, continues step (34), otherwise continue step (35);
(34) adjust the window size of the time window of this time period, then continue step (32);
(35) determine the window size of time window on time shaft.
5. the method that realizes electronic evidence data analysis based on time locus according to claim 4, is characterized in that, described systemic presupposition similarity value is 0.6.
6. the method that realizes electronic evidence data analysis based on time locus according to claim 1, it is characterized in that, described to the corresponding electronic evidence data of each time window filter and cluster analysis to extract key feature wherein, comprise the following steps:
(41) the corresponding electronic evidence data of each time window are carried out to filtration treatment;
(42) extract the text message in the corresponding electronic evidence data of each time window and extract the key feature in text message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522675.8A CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522675.8A CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103729397A true CN103729397A (en) | 2014-04-16 |
| CN103729397B CN103729397B (en) | 2017-03-08 |
Family
ID=50453472
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310522675.8A Active CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103729397B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104615675A (en) * | 2015-01-19 | 2015-05-13 | 苏宁云商集团股份有限公司 | Converged communication method and terminal |
| CN111339379A (en) * | 2020-02-29 | 2020-06-26 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis system |
| CN111353079A (en) * | 2020-02-29 | 2020-06-30 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis suggestion system and method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949240A (en) * | 2006-10-10 | 2007-04-18 | 中国科学院软件研究所 | Electronic data evidence obtaining method and system for computer |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
| US20130103764A1 (en) * | 2010-06-24 | 2013-04-25 | Arbitron Mobile Oy | Network server arrangement for processing non-parametric, multi-dimensional, spatial and temporal human behavior or technical observations measured pervasively, and related method for the same |
-
2013
- 2013-10-28 CN CN201310522675.8A patent/CN103729397B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949240A (en) * | 2006-10-10 | 2007-04-18 | 中国科学院软件研究所 | Electronic data evidence obtaining method and system for computer |
| US20130103764A1 (en) * | 2010-06-24 | 2013-04-25 | Arbitron Mobile Oy | Network server arrangement for processing non-parametric, multi-dimensional, spatial and temporal human behavior or technical observations measured pervasively, and related method for the same |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
Non-Patent Citations (1)
| Title |
|---|
| 张军: "基于时间序列相似性的数据挖掘方法研究", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104615675A (en) * | 2015-01-19 | 2015-05-13 | 苏宁云商集团股份有限公司 | Converged communication method and terminal |
| CN104615675B (en) * | 2015-01-19 | 2018-01-09 | 苏宁云商集团股份有限公司 | Converged communication method and terminal |
| CN111339379A (en) * | 2020-02-29 | 2020-06-26 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis system |
| CN111353079A (en) * | 2020-02-29 | 2020-06-30 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis suggestion system and method |
| CN111353079B (en) * | 2020-02-29 | 2023-05-05 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis suggestion system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103729397B (en) | 2017-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102439957B (en) | Schedule generating method and communication terminal thereof | |
| CN103944977A (en) | Cloud health information management system and method based on wearable device | |
| DE112012004240T5 (en) | Monitor the resource consumption of an application program | |
| CN103577594A (en) | Lock screen interface information pushing system and method | |
| CN104636240B (en) | A kind of acquisition methods and terminal of information report | |
| CN103093316A (en) | Method and device of bill generation | |
| DE102014107571A1 (en) | A method and system for creating and refining rules for personalized content delivery based on user physical activity | |
| CN103744877A (en) | Public opinion monitoring application system deployed in internet and application method | |
| CN105187092B (en) | A kind of method and apparatus for the interference signal for reducing mobile communication | |
| CN107291615A (en) | A kind of WEB front-end log-output method and device | |
| CN103729397A (en) | Method for achieving electronic evidence data analysis based on time tracks | |
| CN103077021A (en) | System and method for analyzing comprehensive development data of general mobile phone software | |
| CN110519263A (en) | Anti- brush amount method, apparatus, equipment and computer readable storage medium | |
| CN111447507A (en) | Video production method and device, electronic equipment and storage medium | |
| CN106202501A (en) | A kind of information analysis system | |
| CN107085599B (en) | POI recommendation method, device, equipment and computer readable storage medium | |
| CN103810241B (en) | Filter method and device that a kind of low frequency is clicked on | |
| CN111915378A (en) | User attribute prediction method, device, computer equipment and storage medium | |
| CN104091595A (en) | Audio processing method and device | |
| CN107169015B (en) | POI recommendation method, device, equipment and computer readable storage medium | |
| CN107193861B (en) | POI recommendation method, device, equipment and computer readable storage medium | |
| CN106993100A (en) | A kind of smart mobile phone management system from behavioural analysis | |
| CN110889254B (en) | Intelligent thermal analysis system and method for space telescope | |
| CN107894869A (en) | A kind of method, terminal device and the computer-readable medium of split screen processing | |
| CN105786550A (en) | Memory application processing method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |