File Fragment Analysis Using Normalized Compression Distance

Abstract : The first step when recovering deleted files using file carving is to identify the file type of a block, also called file fragment analysis. Several researchers have demonstrated the applicability of Kolmogorov complexity methods such as the normalized compression distance (NCD) to this problem. NCD methods compare the results of compressing a pair of data blocks with the compressed concatenation of the pair. One parameter that is required is the compression algorithm to be used. Prior research has identified the NCD compressor properties that yield good performance. However, no studies have focused on its applicability to file fragment analysis. This paper describes the results of experiments on a large corpus of files and file types with different block lengths. The experimental results demonstrate that, in the case of file fragment analysis, compressors with the desired properties do not perform statistically better than compressors with less computational complexity.
Type de document :
Communication dans un congrès
Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.171-182, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_12〉
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01460604
Contributeur : Hal Ifip <>
Soumis le : mardi 7 février 2017 - 17:25:46
Dernière modification le : vendredi 1 décembre 2017 - 01:16:43
Document(s) archivé(s) le : lundi 8 mai 2017 - 14:53:05

Fichier

978-3-642-41148-9_12_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Stefan Axelsson, Kamran Bajwa, Mandhapati Srikanth. File Fragment Analysis Using Normalized Compression Distance. Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.171-182, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_12〉. 〈hal-01460604〉

Partager

Métriques

Consultations de la notice

53

Téléchargements de fichiers

47