ABSTRACT
Cluster analysis is the forensic process of decomposing a set of observations into several subsets of observations that have some digital similarity, which can be viewed in a graphical format. Creating visual maps of these findings and creating predictive models for anticipating crimes is one of the missions of forensic investigators. Observations within the same cluster are similar in some sense, which for forensic investigators may point to certain computer ports, locations in a city, intrusions into networks, or fraudulent attempts. Clustering is a method of unsupervised learning that is important for the forensic investigator to understand.
