Hash-Based File Content Identification Using Distributed Systems

Yannikos, York ; Schlüßler, Jonathan ; Steinebach, Martin ; Winter, Christian ; Graffi, Kalman
eds.: Peterson, Gilbert ; Shenoi, Sujeet (2013)
Hash-Based File Content Identification Using Distributed Systems.
USA, Florida, Orlando, National Center for Forensic Science
Conference or Workshop Item, Bibliography

Abstract

A serious problem in digital forensics is handling very large amounts of data. Since forensic investigators often have to analyze several terabytes of data within a single case, efficient and effective tools for automatic data identification or filtering are very important. A commonly used data identification technique is using the cryptographic hash of a file and matching it against white and black lists containing hashes of files with harmless or harmful/illegal content. However, such lists are never complete and miss the hashes of most existing files. Also, cryptographic hashes can be easily defeated, e.g., when used to identify multimedia content.

In this work we analyze different distributed systems available on the Internet regarding their suitability to support the identification of file content. We present a framework which is able to support automatic file content identification by searching for file hashes and collecting, aggregating, and presenting the search results. In our evaluation we were able to identify the content of about 26% of the files of a test set by using found file names which briefly describe the file content. Therefore, our framework can help to significantly reduce the workload of forensic investigators.

Item Type: Conference or Workshop Item
Published: 2013
Editors: Peterson, Gilbert ; Shenoi, Sujeet
Creators: Yannikos, York ; Schlüßler, Jonathan ; Steinebach, Martin ; Winter, Christian ; Graffi, Kalman
Type of entry: Bibliography
Title: Hash-Based File Content Identification Using Distributed Systems
Language: English
Date: October 2013
Publisher: Springer
Book Title: Advances in Digital Forensics IX – 9th IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28–30, 2013, Revised Selected Papers
Series: IFIP Advances in Information and Communication Technology
Series Volume: 410
Event Location: USA, Florida, Orlando, National Center for Forensic Science
Uncontrolled Keywords: Secure Data; Forensic Analysis Framework, File Content Identification, P2P Networks, Search Engines
Identification Number: TUD-CS-2013-0242
Divisions: LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 30 Dec 2016 20:23
Last Modified: 12 Jan 2019 21:21