Yannikos, York ; Schlüßler, Jonathan ; Steinebach, Martin ; Winter, Christian ; Graffi, Kalman
Hrsg.: Peterson, Gilbert ; Shenoi, Sujeet (2013)
Hash-Based File Content Identification Using Distributed Systems.
USA, Florida, Orlando, National Center for Forensic Science
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
A serious problem in digital forensics is handling very large amounts of data. Since forensic investigators often have to analyze several terabytes of data within a single case, efficient and effective tools for automatic data identification or filtering are very important. A commonly used data identification technique is using the cryptographic hash of a file and match it against white and black lists containing hashes of files with harmless or harmful/illegal content. However, such lists are never complete and miss the hashes of most existing files. Also, cryptographic hashes can be easily defeated e.g. when used to identify multimedia content.
In this work we analyze different distributed systems available in the Internet regarding their suitability to support the identification of file content. We present a framework which is able to support an automatic file content identification by searching for file hashes and collecting, aggregating, and presenting the search results. In our evaluation we were able to identify the content of about 26% of the files of a test set by using found file names which briefly describe the file content. Therefore, our framework can help to significantly reduce the workload of forensic investigators.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2013 |
| Herausgeber: | Peterson, Gilbert ; Shenoi, Sujeet |
| Autor(en): | Yannikos, York ; Schlüßler, Jonathan ; Steinebach, Martin ; Winter, Christian ; Graffi, Kalman |
| Art des Eintrags: | Bibliographie |
| Titel: | Hash-Based File Content Identification Using Distributed Systems |
| Sprache: | Englisch |
| Publikationsjahr: | Oktober 2013 |
| Verlag: | Springer |
| Buchtitel: | Advances in Digital Forensics IX – 9th IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28–30, 2013, Revised Selected Papers |
| Reihe: | IFIP Advances in Information and Communication Technology |
| Band einer Reihe: | 410 |
| Veranstaltungsort: | USA, Florida, Orlando, National Center for Forensic Science |
| Kurzbeschreibung (Abstract): | A serious problem in digital forensics is handling very large amounts of data. Since forensic investigators often have to analyze several terabytes of data within a single case, efficient and effective tools for automatic data identification or filtering are very important. A commonly used data identification technique is using the cryptographic hash of a file and match it against white and black lists containing hashes of files with harmless or harmful/illegal content. However, such lists are never complete and miss the hashes of most existing files. Also, cryptographic hashes can be easily defeated e.g. when used to identify multimedia content. In this work we analyze different distributed systems available in the Internet regarding their suitability to support the identification of file content. We present a framework which is able to support an automatic file content identification by searching for file hashes and collecting, aggregating, and presenting the search results. In our evaluation we were able to identify the content of about 26% of the files of a test set by using found file names which briefly describe the file content. Therefore, our framework can help to significantly reduce the workload of forensic investigators. |
| Freie Schlagworte: | Secure Data;Forensic Analysis Framework, File Content Identification, P2P Networks, Search Engines |
| ID-Nummer: | TUD-CS-2013-0242 |
| Fachbereich(e)/-gebiet(e): | LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 12 Jan 2019 21:21 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum