HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

A New Approach for Creating Forensic Hashsets

Abstract : The large amounts of data that have to be processed and analyzed by forensic investigators is a growing challenge. Using hashsets of known files to identify and filter irrelevant files in forensic investigations is not as effective as it could be, especially in non-English speaking countries. This paper describes the application of data mining techniques to identify irrelevant files from a sample of computers from a country or geographical region. The hashsets corresponding to these files are augmented with an optimized subset of effective hash values chosen from a conventional hash database. Experiments using real evidence demonstrate that the resulting augmented hashset yields 30.69% better filtering results than a conventional hashset although it has approximately half as many (51.83%) hash values.
Document type :
Conference papers
Complete list of metadata

Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, May 16, 2017 - 5:10:19 PM
Last modification on : Thursday, March 5, 2020 - 4:46:41 PM
Long-term archiving on: : Friday, August 18, 2017 - 12:24:50 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Marcelo Ruback, Bruno Hoelz, Celia Ralha. A New Approach for Creating Forensic Hashsets. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. pp.83-97, ⟨10.1007/978-3-642-33962-2_6⟩. ⟨hal-01523710⟩



Record views


Files downloads