CN103729397B - Based on the method that time locus realizes electronic evidence data analysis - Google Patents
Based on the method that time locus realizes electronic evidence data analysis Download PDFInfo
- Publication number
- CN103729397B CN103729397B CN201310522675.8A CN201310522675A CN103729397B CN 103729397 B CN103729397 B CN 103729397B CN 201310522675 A CN201310522675 A CN 201310522675A CN 103729397 B CN103729397 B CN 103729397B
- Authority
- CN
- China
- Prior art keywords
- electronic evidence
- time
- data
- evidence data
- window
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Operations Research (AREA)
- Economics (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention relates to a kind of method that electronic evidence data analysis is realized based on time locus, including the temporal characteristics extracted in described electronic evidence data;Described electronic evidence data are collected based on temporal characteristics and are unified storage;Determine the window size of time window on time shaft;Electronic evidence data corresponding to each time window are filtered and cluster analysis is to be extracted key feature therein;Each time window on time shaft is replaced by corresponding key feature and redraws time shaft.The method that electronic evidence data analysis is realized based on time locus using this kind, the analysis based on time locus data temporal characteristics can be realized carries out further and more fully hereinafter mining analysis to electronic evidence data, considerably reduce the interference data on time shaft, forensics analysis personnel are enabled intuitively to observe related law and the feature of event, the key message of electronic evidence is more rapidly obtained, method application is easy, with wider range of application.
Description
Technical field
The present invention relates to data analysis field, more particularly to electronic evidence data analysis field, specifically refer to one kind and are based on
The method that time locus realizes electronic evidence data analysis.
Background technology
At present, intelligent mobile communication equipment has been popularized and has been widely used in living, handles official business and all kinds of real-time calculating necks
In domain, intelligent mobile communication equipment of today does not only have traditional address list, SMS, may also provide task arrangement, mail,
The information such as file, position, these information can preferably reflect the various information of user.
The current electronic evidence analysis method comparison for intelligent mobile communication equipment is single, the preprocessing process to data
Fewer, generally address list, note, task arrangement, mail etc. data are independently shown in the way of list, such as Fig. 1
Shown.And this electronic evidence analysis method cannot carry out depth excavation to electronic evidence data, will cause during forensics analysis
The omission of a lot of sensitive regular, distinctive proof data.
Content of the invention
The purpose of the present invention is the shortcoming for overcoming above-mentioned prior art, there is provided one kind can be realized based on time locus
The analysis of data temporal characteristics electronic evidence data are carried out further and more fully hereinafter mining analysis, reduce time shaft
On data interference, method application is easy, realize electronic evidence data with broader applications scope based on time locus divides
The method of analysis.
To achieve these goals, the method for realizing electronic evidence data analysis based on time locus of the present invention has such as
Lower composition:
The method that electronic evidence data analysis should be realized based on time locus, which is mainly characterized by, and described method includes
Following steps:
(1)Extract the temporal characteristics in described electronic evidence data;
(2)Described electronic evidence data are collected based on temporal characteristics and are unified storage;
(3)Determine the window size of time window on time shaft;
(4)Electronic evidence data corresponding to each time window are filtered and cluster analysis is to be extracted key therein
Feature;
(5)Each time window on time shaft is replaced by corresponding key feature and redraws time shaft.
It is preferred that described electronic evidence data include that address list data, phone data, note data, task arrange number
According to, mail data, file data and position data.
It is preferred that described collected described electronic evidence data based on temporal characteristics and unified storage, including
Following steps:
(21)Described electronic evidence data are taken unified data evidence obtaining form storage;
(22)Described electronic evidence data are carried out data generaliza-tion process;
(23)Electronic evidence data through data generaliza-tion are collected based on temporal characteristics.
It is preferred that on the countershaft of timing really time window window size, comprise the following steps:
(31)The length of window for arranging original time window is 1 hour;
(32)Time shaft is split according to the length of window of time window;
(33)Similarity within each time window of parallel computation simultaneously judges whether its similarity is similar less than systemic presupposition
Angle value, if it is, continue step(34), otherwise continue step(35);
(34)The window size of the time window of this time period is adjusted, then proceedes to step(32);
(35)Determine the window size of time window on time shaft.
More preferably, described systemic presupposition Similarity value is 0.6.
Electronic evidence data corresponding to each time window are filtered and cluster analysis is to extract it is preferred that described
Key feature therein, comprises the following steps:
(41)Filtration treatment is carried out to the electronic evidence data corresponding to each time window;
(42)Extract the text message in the electronic evidence data corresponding to each time window and extract in text message
Key feature.
Employ the method that electronic evidence data analysis is realized based on time locus in the invention, it is possible to achieve based on when
Between the analysis of track data temporal characteristics electronic evidence data are carried out with further and more fully hereinafter mining analysis, greatly
Reduce interference data on time shaft so that forensics analysis personnel can intuitively observe related law and the spy of event
Levy, more intuitively by equipment holder at the appointed time in the range of the Activity Show be engaged in obtain out, more quickly each
The key message of electronic evidence in the individual time period, method application are easy, with wider range of application.
Description of the drawings
Fig. 1 is the schematic diagram of electronic evidence data analysis in prior art.
Fig. 2 is the flow chart of the method for realizing electronic evidence data analysis based on time locus of the present invention.
Fig. 3 is fixed time really for the present invention flow chart of window size and key feature.
Fig. 4 is the schematic diagram after electronic evidence data are calibrated in chronological order on a timeline.
Fig. 5 is the schematic diagram of electronic evidence data analysis after the joining day window of the present invention.
Specific embodiment
In order to more clearly describe the technology contents of the present invention, carry out with reference to specific embodiment further
Description.
The major technique step of the method for realizing electronic evidence data analysis based on time locus of the present invention is as described below:
(1)Electronic evidence is pre-processed, extracts the electronics such as address list, note, task arrangement, mail, file, position
The temporal characteristics implied in proof data.
(2)Unified data evidence obtaining form is taken, the unification of the proof data such as address list, note, phone is stored, and
Using time point as crucial analytical factor.All electronic evidences that collected are carried out data generaliza-tion, and is based on temporal characteristics
Collected.
(3)The electronic evidence for being typically due to collect contains substantial amounts of content, if directly demonstrate,proved the electronics of extensive mistake
Calibrated according to the sequencing according to the time on a timeline, the analysis result as Fig. 4 will be obtained.
It can be seen from figure 4 that the arrangement of all kinds of electronic evidences is than comparatively dense and mixed and disorderly, forensics analysis personnel cannot be direct
The behavior and feature for comparing rule is observed in from the graph.
Therefore, the method for this method introduces the concept of " time window ", carries out further feature to the data on time shaft
Extract.Time window needs to arrange a suitable window size.Can not embody if time window setting is too small disturbs data to pick
The effect that removes, time window are excessive, can filter out excessive vaild evidence data.
The size adjustment of time window is carried out according to the flow process in Fig. 3.
(31)The length of window for arranging original time window is 1 hour;
(32)Time shaft is split according to the length of window of time window;
(33)Similarity within each time window of parallel computation simultaneously judges whether its similarity is similar less than systemic presupposition
Angle value, if it is, continue step(34), otherwise continue step(35);
(34)The window size of the time window of this time period is adjusted, then proceedes to step(32);
(35)Determine the window size of time window on time shaft.
(4)After determining time window, it is possible to the content in each time window is filtered and is clustered.Cluster
Mainly Text Information Extraction is carried out according to the electronic evidence included in the time window and extract keyword.For example in certain time
In window, " phone, Wang Jingjing, password " is mainly characterized by according to incident duration and decimation in frequency to the time window.
(5)Finally each time window on time shaft is substituted with the key feature being drawn into, and redrawn the time
Axle.
Employ the method that electronic evidence data analysis is realized based on time locus in the invention, it is possible to achieve based on when
Between the analysis of track data temporal characteristics electronic evidence data are carried out with further and more fully hereinafter mining analysis, greatly
Reduce interference data on time shaft, can enable forensics analysis personnel intuitively observe event related law and
Feature, more intuitively by equipment holder at the appointed time in the range of the Activity Show be engaged in out, obtain more quickly
The key message of electronic evidence in each time period, method application are easy, with wider range of application.
In this description, the present invention is described with reference to its specific embodiment.But it is clear that can still make
Various modifications and alterations are without departing from the spirit and scope of the present invention.Therefore, specification and drawings are considered as illustrative
And it is nonrestrictive.
Claims (6)
1. a kind of method that electronic evidence data analysis is realized based on time locus, it is characterised in that described method include with
Lower step:
(1) temporal characteristics in described electronic evidence data are extracted;
(2) described electronic evidence data are collected based on temporal characteristics and are unified storage;
(3) determine the window size of time window on time shaft, be more than the similarity of the electronic evidence data in each time window
Threshold value;
(4) the electronic evidence data corresponding to each time window are filtered and cluster analysis is therein crucial special to extract
Levy;
(5) each time window on time shaft is replaced by corresponding key feature and redraws time shaft.
2. the method that electronic evidence data analysis is realized based on time locus according to claim 1, it is characterised in that institute
The electronic evidence data that states include that address list data, phone data, note data, task arrange data, mail data, number of files
According to and position data.
3. the method that electronic evidence data analysis is realized based on time locus according to claim 1, it is characterised in that institute
State described electronic evidence data are collected based on temporal characteristics and unified storage, comprise the following steps:
(21) described electronic evidence data are taken unified data evidence obtaining form storage;
(22) described electronic evidence data are carried out data generaliza-tion process;
(23) the electronic evidence data through data generaliza-tion are collected based on temporal characteristics.
4. the method that electronic evidence data analysis is realized based on time locus according to claim 1, it is characterised in that institute
The window size of time window on timing countershaft really is stated, is comprised the following steps:
(31) length of window for arranging original time window is 1 hour;
(32) time shaft is split according to the length of window of time window;
(33) whether similarity within each time window of parallel computation simultaneously judges its similarity less than systemic presupposition Similarity value,
If it is, continuing step (34), otherwise continue step (35);
(34) window size of the time window of this time period is adjusted, then proceedes to step (32);
(35) determine the window size of time window on time shaft.
5. the method that electronic evidence data analysis is realized based on time locus according to claim 4, it is characterised in that institute
The systemic presupposition Similarity value that states is 0.6.
6. the method that electronic evidence data analysis is realized based on time locus according to claim 1, it is characterised in that institute
State the electronic evidence data corresponding to each time window are filtered and cluster analysis is extracting key feature therein, bag
Include following steps:
(41) filtration treatment is carried out to the electronic evidence data corresponding to each time window;
(42) extract the text message in the electronic evidence data corresponding to each time window and extract the key in text message
Feature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522675.8A CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522675.8A CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103729397A CN103729397A (en) | 2014-04-16 |
| CN103729397B true CN103729397B (en) | 2017-03-08 |
Family
ID=50453472
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310522675.8A Active CN103729397B (en) | 2013-10-28 | 2013-10-28 | Based on the method that time locus realizes electronic evidence data analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103729397B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104615675B (en) * | 2015-01-19 | 2018-01-09 | 苏宁云商集团股份有限公司 | Converged communication method and terminal |
| CN111339379A (en) * | 2020-02-29 | 2020-06-26 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis system |
| CN111353079B (en) * | 2020-02-29 | 2023-05-05 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis suggestion system and method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949240A (en) * | 2006-10-10 | 2007-04-18 | 中国科学院软件研究所 | Electronic data evidence obtaining method and system for computer |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011161303A1 (en) * | 2010-06-24 | 2011-12-29 | Zokem Oy | Network server arrangement for processing non-parametric, multi-dimensional, spatial and temporal human behavior or technical observations measured pervasively, and related method for the same |
-
2013
- 2013-10-28 CN CN201310522675.8A patent/CN103729397B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949240A (en) * | 2006-10-10 | 2007-04-18 | 中国科学院软件研究所 | Electronic data evidence obtaining method and system for computer |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
Non-Patent Citations (1)
| Title |
|---|
| 基于时间序列相似性的数据挖掘方法研究;张军;《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》;20070415(第04期);第2.2.1节,第2.3.2节第3点,第3.1节第二点,第22页第7段 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103729397A (en) | 2014-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104301532B (en) | communication message identification method and device | |
| CN104301528B (en) | The method and device of display information | |
| WO2010144395A3 (en) | System and method for the collaborative collection, assignment, visualization, analysis and modification of probable genealogical relationships based on geo-spatial and temporal proximity | |
| CN103729397B (en) | Based on the method that time locus realizes electronic evidence data analysis | |
| CN109522405A (en) | File information processing method, electronic equipment and computer-readable deposit medium | |
| CN105988897A (en) | Recovery method and device of backup data of mobile terminal | |
| CN104463728A (en) | Application of two-dimension code lock in hotel | |
| CN104102411B (en) | A kind of method for editing text and text editing apparatus | |
| CN110301892A (en) | A kind of detection method and Related product based on hand vein recognition | |
| CN106569937A (en) | Page processing method and apparatus | |
| WO2016024183A3 (en) | Systems and methods for messaging, calling, digital multimedia capture and payment transactions | |
| CN107894869A (en) | A kind of method, terminal device and the computer-readable medium of split screen processing | |
| CN107688653B (en) | User behavior data mining system and method based on network shallow data | |
| Cropp et al. | Communicating and integrating geometallurgical data along the mining value chain | |
| Piernas López | The Concept of State Aid under EU Law: From internal market to competition and beyond | |
| Portela | The efficacy of sanctions of the European Union: when and why do they work? | |
| WO2023124655A1 (en) | User type identification method, electronic device, and readable storage medium | |
| Lippert | Detrital U-Pb geochronology provenance analyses: case studies in the Greater Green River Basin, Wyoming, and the Book Cliffs, Utah | |
| Casal Bértoa | The institutionalization of party systems in East Central Europe: explaining variation | |
| Huddleston | Citizenship Implementation indicators (CITIMP) | |
| Otto | The right to privacy in employment: in search of a contemporary paradigm through a comparative study | |
| Hessami | Estimating Recruitment in Elk Using an Occupancy Framework | |
| Reilly et al. | A 33 kyr Paleomagnetic Secular Variation Record from Fish Lake, Utah | |
| Gianotti et al. | Glacial culmination and decay sequences: new data from a core in the Ivrea end-moraine system (NW Italy) | |
| CN102999509B (en) | information matching method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |