The use of similarity hashes combined with sampling techniques to improve disk forensics analysis
Abstract
Digital forensics is a science concerned with the analysis of digital devices in order to find evidence of a crime. However, the overwhelming amount of data to be handled, caused by the increase in the storage capacity of hard disks, makes examiners' work harder and sometimes impossible to complete in a reasonable time. For this reason, methods that reduce the time needed in an investigation and are still effective in finding evidence are necessary. In this paper, we present a proposal that aims to reduce this time by using statistical models in which only partial data are evaluated with a high probability of success, and to increase the accuracy in finding not only identical files but similar ones too, using a tool called sdhash. We emphasize that we work at the sector level, which can be effective in finding small pieces of files that were deleted but whose fragments still remain on disk.
Similar resources
Using purpose-built functions and block hashes to enable small block and sub-file forensics
This paper explores the use of purpose-built functions and cryptographic hashes of small data blocks for identifying data in sectors, file fragments, and entire files. It introduces and defines the concept of a “distinct” disk sector: a sector that is unlikely to exist elsewhere except as a copy of the original. Techniques are presented for improved detection of JPEG, MPEG and compressed data; f...
Class-Aware Similarity Hashing for Data Classification
This paper introduces “class-aware similarity hashes” or “classprints,” which are an outgrowth of recent work on similarity hashing. The approach builds on the notion of context-based hashing to create a framework for identifying data types based on content and for building characteristic similarity hashes for individual data items that can be used for correlation. The principal benefits are th...
Computer Forensics: Investigations of the Future
Computer Forensics is a new field that uses traditional investigation processes and applies them to investigating a computer for digital evidence. In this paper, we will discuss the background of computer forensics and the process of a digital investigation of a computer. Technical topics such as cryptographic hashing and data hiding will be cove...
State of the Art in Similarity Preserving Hashing Functions
One of the goals of digital forensics is to analyse the content of digital devices by reducing its size and complexity. Similarity preserving hashing functions help to accomplish that mission through a resemblance comparison between different files. Some of the best-known functions of this type are the context-triggered piecewise hashing functions, which create a signature formed by several has...
Merging Similarity and Trust Based Social Networks to Enhance the Accuracy of Trust-Aware Recommender Systems
In recent years, collaborative filtering (CF) methods have become important and widely accepted techniques for recommender systems. One of these techniques is user-based and produces useful recommendations based on the similarity of the ratings of like-minded users. However, these systems suffer from several inherent shortcomings such as data sparsity and cold start problems. With the dev...
Publication date: 2016