Computer evidence analysis technology based on weighted frequent pattern growth algorithm

Abstract

The current analysis of computer forensics is still dependent on the investigation personnel, leading to the problem of heavy workload and low efficiency. At the same time, computer evidences have the characteristics of complex structure and large amount of data, which is prone to the problem of association rules redundancy. In order to improve the efficiency of computer evidence analysis, this paper uses association analysis technology to analyze the user's behavior habits from the obtained computer system log, browser records, file operation traces and other information; combined with the idea of weighted features, the weight set was generated according to the difference of attribute importance, and the Frequent Pattern Growth (FP-Growth) algorithm is improved. The experimental results show that the improved FP-Growth algorithm can effectively remove the redundant rules in evidence analysis, and is more practical for user behavior analysis.