【作者】 汪文生；

【导师】 韩国强； 周德元；

【作者基本信息】 华南理工大学 ， 软件工程， 2011， 硕士

【摘要】 随着互联网技术的高速发展,人们通过互联网发送电子邮件,使得沟通交流变得更加容易、快捷。电子邮件也以其新型、快速、经济的特点已成为现代社会不可缺少的重要通信方式之一。与此同时,各种犯罪分子也开始普遍利用电子邮件从事各类违法犯罪活动,在很多计算机犯罪案件以及商业、民事纠纷中都涉及电子邮件。在电子邮件中蕴藏了丰富的各类有用信息,是进行计算机分析取证的重要内容之一,它能为案件侦破提供一些有力的线索。为提高使用效率,人们经常使用各类电子邮件客户端(如Foxmail、Outlook Express、Microsoft Office Outlook等)来处理邮件。因此,分析各类邮件客户端所保存的邮件数据文件也是计算机分析取证的重要手段之一。本文所研究的电子邮件分析取证系统主要是针对目前国内主流的Foxmail、Outlook Express和Office Outlook这三款邮件客户端。通过分析Foxmail所保存的.ind、.BOX格式的邮件文件、Outlook Express所保存的DBX的复合数据文件和Office Outlook所保存的PST复合邮件文件,从中提取感兴趣邮件的收发件人邮箱地址、收发件人姓名、发送时间、主题、邮件正文内容及附件等信息;然后统计归类收、发件人邮箱地址,运用可视化、人际网络分析等技术绘制邮件的时间关系图和人际网络关系图,从而为分析和发现收、发件人之间隐藏的关系提供很好的参考依据。本论文将首先简要说明电子邮件分析取证的背景、重要意义及目前国内外电子邮件分析取证的一些现状;接着,介绍系统的总体目标、运行环境、主要功能及总体架构,重点介绍系统各关键功能模块的设计思路、架构等情况;然后详细介绍在本系统设计和开发中所使用的关键技术:即基于文件结构分析的.ind、.BOX邮件数据文件解析、基于COM技术的DBX复合邮件体的解析、基于OLE自动化技术的PST邮件文件解析方法,以及在绘制邮件时间关系图和人际网络关系图中所使用到的图形绘制基础理论、数据库访问技术和基于遗传算法的图自动布局算法及实现等;接着,介绍整个系统的开发环境,并重点阐述如何运用前面提到的关键技术实现预期的系统用户界面和各项功能指标等,详细介绍了电子邮件分析取证系统的实现;最后总结本系统的设计实现开发情况,并针对所存在不足提出下步的研究方向。更多还原

【Abstract】 With the rapid development of internet technology, people send email through the internet,making communication easier and faster. Email but also for its new, fast and economic characteristics has become an important and indispensable means of communication. Meanwhile, a variety of common criminals have begun to use email in various criminal activities. In many computer crime cases and commercial and civil disputes involving email. Email contains a wealth of all kinds of useful information, which is one important way for computer forensic analysis. Email can provide some strong clues for the detection of cases. To improve efficiency, people often use various types of e-mail client to handle e-mail (such as Foxmail、Outlook Express、Microsoft Office Outlook etc.). Therefore, the analysis of e-mail data files stored by various types of mail clients is an important means of computer analysis and forensies.In this study,email analysis and forensies system mainly focus on three mail clients in the domestic: Foxmail,Outlook Express(OE) and Microsoft Office Outlook. By analyzing the .ind,. BOX mail file format stored by Foxmail, the .DBX mail file format stored by OE and the .PST mail file format stored by Outlook, we can extract key information , which is interested by us , such as the sender’s or recipients’s﹑e-mail address﹑send time﹑receive time﹑subject﹑message body content and attachment. Then, we can count and classify the sender’s or recipients’s email addresses, draw email-time diagrams and social network diagram by using the visualization﹑social network analysis techniques. Therefore, we can analysis and find the hidden relationships between the senders and recipients.In this study, firstly,we will briefly introduce the background and the significance of email analysis and forensies, the current situation in domestic and international. Then, we will describes the system’s overall objectives, operating environment, the main function and overall structure. Especially, we will introduce the design concept and structure of the key functional modules of the system ; And then, we will introduce in detail the key technique used in this system design and develop. That are: parsing the .ind, .BOX mail file datas based on the file tructural analysis; parsing the DBX mail file datas based on the COM technique; parsing the PST mail file datas based on the OLE automation technology. And the database access technique, the basic theory of graph-drawing, the figure automatic layout algorithm and the implementation based on the Genetic Algorithm used by drawing the email-time diagrams and social network diagram. And then, we introduce the development environment of the entire system. We focus on the implementation of the user interface and all kinds of function indexes, through by using the key technique mentioned before. We will describes in detail the implementation of the email analysis and forensies system; Finally, we summarize the design, develop and implementation of the system, and the deficiencies for the next step of the research proposed.更多还原