A New Approach for Creating Forensic Hashsets

Abstract: The large amounts of data that have to be processed and analyzed by forensic investigators are a growing challenge. Using hashsets of known files to identify and filter irrelevant files in forensic investigations is not as effective as it could be, especially in non-English-speaking countries. This paper describes the application of data mining techniques to identify irrelevant files from a sample of computers from a country or geographical region. The hashsets corresponding to these files are augmented with an optimized subset of effective hash values chosen from a conventional hash database. Experiments using real evidence demonstrate that the resulting augmented hashset yields 30.69% better filtering results than a conventional hashset although it has approximately half as many (51.83%) hash values.
Document type: Conference papers

https://hal.inria.fr/hal-01523710
Contributor: Hal Ifip
Submitted on: Tuesday, May 16, 2017 - 5:10:19 PM
Last modification on: Thursday, March 5, 2020 - 4:46:41 PM
Long-term archiving on: Friday, August 18, 2017 - 12:24:50 AM

File

978-3-642-33962-2_6_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Marcelo Ruback, Bruno Hoelz, Celia Ralha. A New Approach for Creating Forensic Hashsets. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. pp.83-97, ⟨10.1007/978-3-642-33962-2_6⟩. ⟨hal-01523710⟩
