Understanding the effects of removing common blocks on Approximate Matching scores under different scenarios for digital forensic investigations

Details

Serval ID
serval:BIB_24B72A1DE98A
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of scientific conferences, in a proceedings volume, or in the special issue of a recognized journal (conference proceedings).
Collection
Publications
Title
Understanding the effects of removing common blocks on Approximate Matching scores under different scenarios for digital forensic investigations
Conference title
XIX Brazilian Symposium on information and computational systems security
Authors
Moia Vitor Hugo Galhardo Moia, Breitinger Frank, Henriques Marco Aurélio Amaral
Publisher
Brazilian Computer Society (SBC) São Paulo-SP, Brazil
Publication status
Published
Publication date
2019
Language
English
Abstract
Finding similarity in digital forensics investigations can be assisted with the use of Approximate Matching (AM) functions. These algorithms create small and compact representations of objects (similar to hashes) which can be compared to identify similarity. However, often results are biased due to common blocks (data structures found in many different files regardless of content). In this paper, we evaluate the precision and recall metrics for AM functions when removing common blocks. In detail, we analyze how the similarity score changes and impacts different investigation scenarios. Results show that many irrelevant matches can be filtered out and that a new interpretation of the score allows a better similarity detection.
Record created
06/05/2021 12:01
Record last modified
06/05/2021 12:40