Email Forensic Analysis Based on k-means clustering

Computer crime activities are increasing more and more, which bring great threat to network security. Email is used for several computer crime activities due to its simplicity. In this scenario, email forensics is needed. This paper proposed an email forensic method using k-means clustering. We collect and analyze email data of suspicious users. Then filtering and clustering is done to obtain the email communication network graph. Finally, we apply spam filtering to avoid spam mails in network graph and k-means clustering on email messages to obtain the accurate communication graph. The algorithm can analyze the core members and the structure of criminal organization.