TU Darmstadt / ULB / TUbiblio

Towards a Process Model for Hash Functions in Digital Forensics

Breitinger, Frank ; Liu, Huajian ; Winter, Christian ; Baier, Harald ; Rybalchenko, Alexey ; Steinebach, Martin
Hrsg.: Gladyshev, Pavel ; Marrington, Andrew ; Baggili, Ibrahim (2014)
Towards a Process Model for Hash Functions in Digital Forensics.
Moscow, Russia
doi: 10.1007/978-3-319-14289-0_12
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification are hash functions. The proceeding is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows to discard non-relevant (whitelisting) or detect suspicious files (blacklisting).

One can distinguish three kinds of algorithms: (cryptographic) hash functions, bytewise approximate matching and semantic approximate matching (a.k.a perceptual hashing) where the main difference is the operation level. The latter one operates on the semantic level while both other approaches consider the byte-level. Hence, investigators have three different approaches at hand to analyze a device.

First, this paper gives a comprehensive overview of existing approaches for bytewise approximate matching in general and semantic approximate matching for images. Second, we compare implementations and summarize the strengths and weaknesses of all approaches. Third, we show how to integrate these functions based on a sample use case into one existing process model, the computer forensics field triage process model.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2014
Herausgeber: Gladyshev, Pavel ; Marrington, Andrew ; Baggili, Ibrahim
Autor(en): Breitinger, Frank ; Liu, Huajian ; Winter, Christian ; Baier, Harald ; Rybalchenko, Alexey ; Steinebach, Martin
Art des Eintrags: Bibliographie
Titel: Towards a Process Model for Hash Functions in Digital Forensics
Sprache: Englisch
Publikationsjahr: 2014
Verlag: Springer
Buchtitel: Digital Forensics & Cyber Crime (ICDF2C 2013), 5th ICST International Conference, September 26–27, 2013, Moscow, Russia
Reihe: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST)
Band einer Reihe: 132
Veranstaltungsort: Moscow, Russia
DOI: 10.1007/978-3-319-14289-0_12
Kurzbeschreibung (Abstract):

Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification are hash functions. The proceeding is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows to discard non-relevant (whitelisting) or detect suspicious files (blacklisting).

One can distinguish three kinds of algorithms: (cryptographic) hash functions, bytewise approximate matching and semantic approximate matching (a.k.a perceptual hashing) where the main difference is the operation level. The latter one operates on the semantic level while both other approaches consider the byte-level. Hence, investigators have three different approaches at hand to analyze a device.

First, this paper gives a comprehensive overview of existing approaches for bytewise approximate matching in general and semantic approximate matching for images. Second, we compare implementations and summarize the strengths and weaknesses of all approaches. Third, we show how to integrate these functions based on a sample use case into one existing process model, the computer forensics field triage process model.
Freie Schlagworte: Secure Data;Digital forensics, hashing, similarity hashing, robust hashing, perceptual hashing, approximate matching, process model
ID-Nummer: TUD-CS-2013-0296
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Hinterlegungsdatum: 30 Dez 2016 20:23
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen
OAI 2.0-Basis-URL: https://tubiblio.ulb.tu-darmstadt.de/cgi/oai2 TUbiblio verwendet EPrints 3.
Drucken | Impressum | Datenschutzerklärung