Due to increasing criminal activities by anonymous E-mails in the cyber world, it is a challenging task to extract beneficial knowledge from E-mail systems. This problem in cyber world attracts many researchers in cyber-crime domain. Recent studies in this area concentrate on traditional classification approaches such as Decision Tree and Support Vector Machines (SVM). These approaches are employed to identify the author. The main goal of these researches is increasing the accuracy of identification, but the quality of evidence is ignored and also it is hard to be traced. So, in this paper, we propose a new approach based on data mining methods for improving the quality of evidence which leads to boost the accuracy of identification. We use writeprints as the evidence and extract them from each E-mail of individuals. The next step for author identification, is matching the writeprints with anonymous E-mails by applying Earth Mover Distance (EMD) criterion to identify the plausible author. In addition to high accuracy, EMD can help cybercrime investigators in making decision about anonymous intruder. Experiments with real data in both English and Persian languages, demonstrate the proposed approach can effectively identify the author and capture strong evidence to prove the identification.