A New Network Forensics System for Chinese Text Content

This paper presents an implementation technical solution of network forensics system for Chinese text content. The technical solution utilizes Bloom filter algorithm and Chinese word segmentation and metaaggregation algorithm(CWSMA) to preprocess and effectively store contents of the text aiming at technical challenges caused by characteristics of “unpredictability of the event features” and “unpredictability of forensics operation”, information related with the events such as ‘where’, ‘who’, ‘when’ and the like can be provided for investigators through member query, network verification analysis can be carried out under the condition without predefining event characteristics, the forensics analysis time traceability can be prolonged from several days of existing technique to several months, it is particularly suitable for network forensics of network secret disclosure events and illegal content propagation events with sensitive content analysis. Key-Words: Network forensics; Bloom filter; Chinese word segmentation