Email Classification for Forensic Analysis by Information Gain Technique
One of the most interesting fields nowadays is forensics. This field is based on the work of scientists who study evidence to help the police solve crimes. In computer science, the crimes that computer forensics deals with are usually network attacks, and most attacks are carried out over email (the case examined in this study). Email has become a daily means of communication, accessed mainly via the internet. People receive thousands of emails in their inboxes and on mail servers (where those emails can be found in lists). The aim of this study is to secure email users by building an automatic checking and detection system on servers that filters the bad emails from the good ones. In this paper, the authors present a study based on a new method of email clustering to separate the bad emails from the good ones. The authors use the information gain technique as a clustering algorithm, whose principle is to calculate the importance of each attribute (in this study, the attributes that constitute an email), draw the importance tree from those values, and finally extract the clusters.
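The attribute-ranking principle described above, as an added example that is not code from the paper: it computes the information gain of each attribute over a constructed set of labelled emails, splits recursively on the highest-gain attribute, and treats each leaf of the resulting tree as one cluster. The attribute names, the good/bad labels and the leaf-as-cluster reading are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample emails; attribute names and labels are assumptions.
ATTRS = ("known_sender", "has_link", "has_attachment")
RAW = [
    ("no", "yes", "yes", "bad"), ("no", "yes", "no", "bad"),
    ("no", "no", "yes", "bad"), ("no", "no", "no", "bad"),
    ("yes", "yes", "no", "bad"), ("yes", "no", "yes", "good"),
    ("yes", "no", "yes", "good"), ("yes", "no", "yes", "good"),
    ("yes", "no", "no", "good"), ("yes", "no", "no", "good"),
]
EMAILS = [dict(zip(ATTRS + ("label",), r), id=i) for i, r in enumerate(RAW)]

def entropy(rows):
    """Shannon entropy (bits) of the good/bad label over a set of emails."""
    counts = Counter(r["label"] for r in rows)
    return -sum(n / len(rows) * math.log2(n / len(rows)) for n in counts.values())

def partition(rows, attr):
    """Group emails by the value they take for one attribute."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[attr]].append(r)
    return groups

def information_gain(rows, attr):
    """Entropy before the split minus the weighted entropy after it."""
    after = sum(len(g) / len(rows) * entropy(g)
                for g in partition(rows, attr).values())
    return entropy(rows) - after

def build_tree(rows, attrs):
    """Importance tree: split on the highest-gain attribute until pure."""
    # A leaf (pure subset, or no attributes left) is one cluster of email ids.
    if entropy(rows) == 0 or not attrs:
        return sorted(r["id"] for r in rows)
    best = max(attrs, key=lambda a: information_gain(rows, a))
    rest = [a for a in attrs if a != best]
    return {best: {value: build_tree(group, rest)
                   for value, group in partition(rows, best).items()}}

if __name__ == "__main__":
    for a in sorted(ATTRS, key=lambda a: -information_gain(EMAILS, a)):
        print(f"{a:15s} gain = {information_gain(EMAILS, a):.3f}")
    print(build_tree(EMAILS, list(ATTRS)))
```

On this sample the root split is `known_sender`, and the only impure branch is resolved by `has_link`, so `has_attachment` never appears in the tree.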