TU Darmstadt / ULB / TUbiblio

Data Corpora for Digital Forensics Education and Research

Yannikos, York and Graner, Lukas and Steinebach, Martin and Winter, Christian Peterson, Gilbert and Shenoi, Sujeet (eds.) (2014):
Data Corpora for Digital Forensics Education and Research.
In: IFIP Advances in Information and Communication Technology, 433, In: Advances in Digital Forensics X, 10th IFIP WG 11.9 International Conference on Digital Forensics, Vienna, Austria, January 8–10, 2014, Springer, Vienna, Austria, pp. 309–325, [Conference or Workshop Item]

Abstract

The availability of data corpora is important for research, development, and education in digital forensics. Several corpora exist and are available for academia, ranging from manually created small data sets of a few megabytes to many terabytes of real-world hard disk data. However, available corpora require a consideration of their usefulness for specific forensic tasks. Especially digital forensic tool testing relies on suitable corpora to determine relevant tool properties like effectiveness and efficiency. Real-data corpora are often desired for tool testing, however they typically lack a ground truth which provides valuable information. Generating synthetic data corpora can help improving tool testing and development, if the underlying methodology allows generating data with realistic properties.

In this work we give an overview about available data corpora in the area of digital forensics and discuss which problems may arise when working with specific corpora. In an example we show that generating synthetic data corpora can be efficiently done where suitable real-world data may not be available. Using a self-developed framework we describe how to generate synthetic disk images in order to provide a corpus for testing disk analysis tools or for educating students in using these tools.

Item Type: Conference or Workshop Item
Erschienen: 2014
Editors: Peterson, Gilbert and Shenoi, Sujeet
Creators: Yannikos, York and Graner, Lukas and Steinebach, Martin and Winter, Christian
Title: Data Corpora for Digital Forensics Education and Research
Language: ["languages_typename_1" not defined]
Abstract:

The availability of data corpora is important for research, development, and education in digital forensics. Several corpora exist and are available for academia, ranging from manually created small data sets of a few megabytes to many terabytes of real-world hard disk data. However, available corpora require a consideration of their usefulness for specific forensic tasks. Especially digital forensic tool testing relies on suitable corpora to determine relevant tool properties like effectiveness and efficiency. Real-data corpora are often desired for tool testing, however they typically lack a ground truth which provides valuable information. Generating synthetic data corpora can help improving tool testing and development, if the underlying methodology allows generating data with realistic properties.

In this work we give an overview about available data corpora in the area of digital forensics and discuss which problems may arise when working with specific corpora. In an example we show that generating synthetic data corpora can be efficiently done where suitable real-world data may not be available. Using a self-developed framework we describe how to generate synthetic disk images in order to provide a corpus for testing disk analysis tools or for educating students in using these tools.

Title of Book: Advances in Digital Forensics X, 10th IFIP WG 11.9 International Conference on Digital Forensics, Vienna, Austria, January 8–10, 2014
Series Name: IFIP Advances in Information and Communication Technology
Volume: 433
Publisher: Springer
Uncontrolled Keywords: Secure Data;Forensic data corpus, test data generation, synthetic disk images, model-based simulation
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Event Location: Vienna, Austria
Date Deposited: 30 Dec 2016 20:23
Identification Number: TUD-CS-2014-0924
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)

View Item View Item