Computer crime investigation and forensics is an important research work to combat criminal activity in cyberspace. But the complexity of computer criminal groups makes the computer crime forensics to be a challenge. Email is an important communication mean in computer crime communication. So the email forensics is needed to organized crime. This paper proposed an email forensics method based on graph clustering method and social network analysis (SNA). We analyze and mine emails data of the suspicious users’accounts using the new method, which can create email communication network graph for suspicious computer criminal organizations. The algorithm developed can analyze computer organization’s structure and core members. The effectiveness of the method proposed has been proved by our experimental data and results. The research may help
investigators to find more email evidence and case clues and improve investigators’ email forensic capability, especially to the investigation for organized crime.