Using Approximate Matching to Reduce the Volume of Digital Data

Détails

ID Serval
serval:BIB_5FB3F9090441
Type
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Collection
Publications
Titre
Using Approximate Matching to Reduce the Volume of Digital Data
Titre de la conférence
Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications
Auteur(s)
Breitinger Frank, Winter Christian, Yannikos York, Fink Tobias, Seefried Michael
Editeur
Springer International Publishing
ISBN
9783319125671
9783319125688
ISSN
0302-9743
1611-3349
Statut éditorial
Publié
Date de publication
2014
Editeur scientifique
Peterson Gilbert, Shenoi Sujeet
Volume
433
Pages
149-163
Langue
anglais
Résumé
Digital forensic investigators frequently have to search for relevant files in massive digital corpora – a task often compared to finding a needle in a haystack. To address this challenge, investigators typically apply cryptographic hash functions to identify known files. However, cryptographic hashing only allows the detection of files that exactly match the known file hash values or fingerprints. This paper demonstrates the benefits of using approximate matching to locate relevant files. The experiments described in this paper used three test images of Windows XP, Windows 7 and Ubuntu 12.04 systems to evaluate fingerprint-based comparisons. The results reveal that approximate matching can improve file identification – in one case, increasing the identification rate from 1.82% to 23.76%.
Mots-clé
File identification, approximate matching, ssdeep
Open Access
Oui
Création de la notice
06/05/2021 12:01
Dernière modification de la notice
06/05/2021 12:33
Données d'usage