A New Approach for Creating Forensic Hashsets - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper, Year: 2012

A New Approach for Creating Forensic Hashsets

Abstract

The large amounts of data that have to be processed and analyzed by forensic investigators are a growing challenge. Using hashsets of known files to identify and filter irrelevant files in forensic investigations is not as effective as it could be, especially in non-English speaking countries. This paper describes the application of data mining techniques to identify irrelevant files from a sample of computers from a country or geographical region. The hashsets corresponding to these files are augmented with an optimized subset of effective hash values chosen from a conventional hash database. Experiments using real evidence demonstrate that the resulting augmented hashset yields 30.69% better filtering results than a conventional hashset, although it has approximately half as many (51.83%) hash values.
Main file
978-3-642-33962-2_6_Chapter.pdf (1.26 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01523710, version 1 (16-05-2017)

License

Attribution

Identifiers

Cite

Marcelo Ruback, Bruno Hoelz, Celia Ralha. A New Approach for Creating Forensic Hashsets. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. pp.83-97, ⟨10.1007/978-3-642-33962-2_6⟩. ⟨hal-01523710⟩