Breitinger, Frank ; Winter, Christian ; Yannikos, York ; Fink, Tobias ; Seefried, Michael
Eds.: Peterson, Gilbert ; Shenoi, Sujeet (2014)
Using Approximate Matching to Reduce the Volume of Digital Data.
Vienna, Austria
Conference publication, Bibliography
Abstract
Forensic investigations are often comparable to finding a needle in a haystack – the agents are overwhelmed with information and need to identify relevant files. In order to solve this challenge, investigators apply cryptographic hash functions to identify known files automatically. However, cryptographic hashing was never designed for forensic investigations and allows the detection of identical files only (due to its security properties).
This paper shows the benefits of using approximate matching for this challenge. We set up three test images using Windows XP, Windows 7 and Ubuntu 12.04 and performed several fingerprint-based comparisons, e.g., operating system installations against the ssdeep reference dataset from the National Institute of Standards and Technology (NIST). All comparisons showed a much better identification rate using approximate matching, e.g., in one case the identification rate increased from 1.82% to 23.76%.
Item type: | Conference publication |
---|---|
Published: | 2014 |
Editors: | Peterson, Gilbert ; Shenoi, Sujeet |
Author(s): | Breitinger, Frank ; Winter, Christian ; Yannikos, York ; Fink, Tobias ; Seefried, Michael |
Type of entry: | Bibliography |
Title: | Using Approximate Matching to Reduce the Volume of Digital Data |
Language: | English |
Year of publication: | August 2014 |
Publisher: | Springer |
Book title: | Advances in Digital Forensics X, 10th IFIP WG 11.9 International Conference on Digital Forensics, Vienna, Austria, January 8–10, 2014 |
Series: | IFIP Advances in Information and Communication Technology |
Series volume: | 433 |
Event location: | Vienna, Austria |
Uncontrolled keywords: | Secure Data; Approximate matching, ssdeep, reference dataset, RDS, file identification |
ID number: | TUD-CS-2014-0925 |
Department(s)/Division(s): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt; LOEWE > LOEWE-Zentren; LOEWE |
Date deposited: | 30 Dec 2016 20:23 |
Last modified: | 17 May 2018 13:02 |