Using Approximate Matching to Reduce the Volume of Digital Data

Abstract: Digital forensic investigators frequently have to search for relevant files in massive digital corpora – a task often compared to finding a needle in a haystack. To address this challenge, investigators typically apply cryptographic hash functions to identify known files. However, cryptographic hashing only allows the detection of files that exactly match the known file hash values or fingerprints. This paper demonstrates the benefits of using approximate matching to locate relevant files. The experiments described in this paper used three test images of Windows XP, Windows 7 and Ubuntu 12.04 systems to evaluate fingerprint-based comparisons. The results reveal that approximate matching can improve file identification – in one case, increasing the identification rate from 1.82% to 23.76%.
Document type:
Conference paper
Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.149-163, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_11〉

https://hal.inria.fr/hal-01393769
Contributor: Hal Ifip
Submitted on: Tuesday, November 8, 2016 - 10:48:19
Last modified on: Friday, December 1, 2017 - 01:17:02
Document(s) archived on: Wednesday, March 15, 2017 - 00:04:26

File

978-3-662-44952-3_11_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Frank Breitinger, Christian Winter, York Yannikos, Tobias Fink, Michael Seefried. Using Approximate Matching to Reduce the Volume of Digital Data. Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.149-163, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_11〉. 〈hal-01393769〉

Metrics

Record views

63

File downloads

22