TU Darmstadt / ULB / TUbiblio

Data Corpora for Digital Forensics Education and Research

Yannikos, York ; Graner, Lukas ; Steinebach, Martin ; Winter, Christian
Hrsg.: Peterson, Gilbert ; Shenoi, Sujeet (2014)
Data Corpora for Digital Forensics Education and Research.
Vienna, Austria
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The availability of data corpora is important for research, development, and education in digital forensics. Several corpora exist and are available for academia, ranging from manually created small data sets of a few megabytes to many terabytes of real-world hard disk data. However, available corpora require a consideration of their usefulness for specific forensic tasks. Especially digital forensic tool testing relies on suitable corpora to determine relevant tool properties like effectiveness and efficiency. Real-data corpora are often desired for tool testing, however they typically lack a ground truth which provides valuable information. Generating synthetic data corpora can help improving tool testing and development, if the underlying methodology allows generating data with realistic properties.

In this work we give an overview about available data corpora in the area of digital forensics and discuss which problems may arise when working with specific corpora. In an example we show that generating synthetic data corpora can be efficiently done where suitable real-world data may not be available. Using a self-developed framework we describe how to generate synthetic disk images in order to provide a corpus for testing disk analysis tools or for educating students in using these tools.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2014
Herausgeber: Peterson, Gilbert ; Shenoi, Sujeet
Autor(en): Yannikos, York ; Graner, Lukas ; Steinebach, Martin ; Winter, Christian
Art des Eintrags: Bibliographie
Titel: Data Corpora for Digital Forensics Education and Research
Sprache: Englisch
Publikationsjahr: August 2014
Verlag: Springer
Buchtitel: Advances in Digital Forensics X, 10th IFIP WG 11.9 International Conference on Digital Forensics, Vienna, Austria, January 8–10, 2014
Reihe: IFIP Advances in Information and Communication Technology
Band einer Reihe: 433
Veranstaltungsort: Vienna, Austria
Kurzbeschreibung (Abstract):

The availability of data corpora is important for research, development, and education in digital forensics. Several corpora exist and are available for academia, ranging from manually created small data sets of a few megabytes to many terabytes of real-world hard disk data. However, available corpora require a consideration of their usefulness for specific forensic tasks. Especially digital forensic tool testing relies on suitable corpora to determine relevant tool properties like effectiveness and efficiency. Real-data corpora are often desired for tool testing, however they typically lack a ground truth which provides valuable information. Generating synthetic data corpora can help improving tool testing and development, if the underlying methodology allows generating data with realistic properties.

In this work we give an overview about available data corpora in the area of digital forensics and discuss which problems may arise when working with specific corpora. In an example we show that generating synthetic data corpora can be efficiently done where suitable real-world data may not be available. Using a self-developed framework we describe how to generate synthetic disk images in order to provide a corpus for testing disk analysis tools or for educating students in using these tools.

Freie Schlagworte: Secure Data;Forensic data corpus, test data generation, synthetic disk images, model-based simulation
ID-Nummer: TUD-CS-2014-0924
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Hinterlegungsdatum: 30 Dez 2016 20:23
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen