File Clustering using Forensic Analysis System

In this paper computer forensic analysis investigation, thousands of files are generally surveyed. In this much of the data in those files consists of formless manuscript, whose investigation by computer examiners is very tough to accomplish. Clustering is the unverified organization of designs that is data items, remarks, or feature vectors into groups (clusters). To find a noble clarification for this automated method of analysis are of great interest. In particular, algorithms such as K-means, K-medics, Single Link, Complete Link and Average Link can simplify the detection of new and valuable information from the documents under investigation. In This paper we are going to present a tactic that applies text clustering algorithms to forensic examination of computers seized in police investigations using multithreading technique for data clustering. Our experiments show that the Average Link and Complete Link algorithms provide the best results for our application domain. If suit-ably initialized, partition algorithms (K-means and K-medoids) can also yield to very good results. Finally, we also present and discuss several practical results that can be useful for researchers and practitioners of forensic computing.