Abstract : The relentless increase in storage capacity and decrease in storage cost present an escalating challenge for digital forensic investigations – current forensic technologies are not designed to scale to the degree necessary to process the ever increasing volumes of digital evidence. This paper describes a similarity-digest-based approach that scales up the task of finding related digital artifacts in massive data sets. The results show that digests can be generated at rates exceeding those of cryptographic hashes on commodity multi-core computing systems. Also, the querying of the digest of a large (1 TB) target for the (trace) presence of a small file can be completed in less than one second with very high precision and recall rates.
Gilbert Peterson; Sujeet Shenoi. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. Springer, IFIP Advances in Information and Communication Technology, AICT-383, pp.19-34, 2012, Advances in Digital Forensics VIII. 〈10.1007/978-3-642-33962-2_2〉
https://hal.inria.fr/hal-01523709
Contributeur : Hal Ifip
<>
Soumis le : mardi 16 mai 2017 - 17:10:18
Dernière modification le : vendredi 1 décembre 2017 - 01:16:43
Document(s) archivé(s) le : vendredi 18 août 2017 - 00:10:58
Vassil Roussev. Managing Terabyte-Scale Investigations with Similarity Digests. Gilbert Peterson; Sujeet Shenoi. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. Springer, IFIP Advances in Information and Communication Technology, AICT-383, pp.19-34, 2012, Advances in Digital Forensics VIII. 〈10.1007/978-3-642-33962-2_2〉. 〈hal-01523709〉
