Hash-Based File Content Identification Using Distributed Systems

Yannikos, York and Schlüßler, Jonathan and Steinebach, Martin and Winter, Christian and Graffi, Kalman; Peterson, Gilbert and Shenoi, Sujeet (eds.) (2013):
Hash-Based File Content Identification Using Distributed Systems.
In: IFIP Advances in Information and Communication Technology, 410, In: Advances in Digital Forensics IX – 9th IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28–30, 2013, Revised Selected Papers, Springer, USA, Florida, Orlando, National Center for Forensic Science, pp. 119–134, ISBN 978-3-642-41147-2,
[Conference or Workshop Item]

Abstract

A serious problem in digital forensics is handling very large amounts of data. Since forensic investigators often have to analyze several terabytes of data within a single case, efficient and effective tools for automatic data identification or filtering are very important. A commonly used data identification technique is to compute the cryptographic hash of a file and match it against white and black lists containing hashes of files with harmless or harmful/illegal content. However, such lists are never complete and miss the hashes of most existing files. Also, cryptographic hashes can be easily defeated, e.g., when used to identify multimedia content.

In this work we analyze different distributed systems available on the Internet regarding their suitability to support the identification of file content. We present a framework which is able to support automatic file content identification by searching for file hashes and collecting, aggregating, and presenting the search results. In our evaluation we were able to identify the content of about 26% of the files of a test set by using found file names which briefly describe the file content. Therefore, our framework can help to significantly reduce the workload of forensic investigators.

Item Type: Conference or Workshop Item
Published: 2013
Editors: Peterson, Gilbert and Shenoi, Sujeet
Creators: Yannikos, York and Schlüßler, Jonathan and Steinebach, Martin and Winter, Christian and Graffi, Kalman
Title: Hash-Based File Content Identification Using Distributed Systems
Title of Book: Advances in Digital Forensics IX – 9th IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28–30, 2013, Revised Selected Papers
Series Name: IFIP Advances in Information and Communication Technology
Volume: 410
Publisher: Springer
ISBN: 978-3-642-41147-2
Uncontrolled Keywords: Secure Data; Forensic Analysis Framework, File Content Identification, P2P Networks, Search Engines
Divisions: LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Location: USA, Florida, Orlando, National Center for Forensic Science
Date Deposited: 30 Dec 2016 20:23
Identification Number: TUD-CS-2013-0242