Towards a Process Model for Hash Functions in Digital Forensics

Details

Serval ID
serval:BIB_92547AD2FE02
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of scientific conferences, in a proceedings volume, or in the special edition of a recognized journal (conference proceedings).
Collection
Publications
Title
Towards a Process Model for Hash Functions in Digital Forensics
Conference title
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Author(s)
Breitinger Frank, Liu Huajian, Winter Christian, Baier Harald, Rybalchenko Alexey, Steinebach Martin
Publisher
Springer International Publishing
ISBN
9783319142883
9783319142890
ISSN
1867-8211
1867-822X
Publication status
Published
Publication date
2014
Scientific editor(s)
Gladyshev Pavel, Marrington Andrew, Baggili Ibrahim
Volume
132
Pages
170-186
Language
English
Abstract
Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification is hash functions. The proceeding is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows one to discard non-relevant files (whitelisting) or detect suspicious files (blacklisting). One can distinguish three kinds of algorithms: (cryptographic) hash functions, bytewise approximate matching and semantic approximate matching (a.k.a. perceptual hashing), where the main difference is the operation level. The latter operates on the semantic level while both other approaches consider the byte level. Hence, investigators have three different approaches at hand to analyze a device. First, this paper gives a comprehensive overview of existing approaches for bytewise and semantic approximate matching (for semantic we focus on image functions). Second, we compare implementations and summarize the strengths and weaknesses of all approaches. Third, we show how to integrate these functions based on a sample use case into one existing process model, the computer forensics field triage process model.
Keywords
Digital forensics, Hashing, Similarity hashing, Robust hashing, Perceptual hashing, Approximate matching, Process model
Record created
06/05/2021 11:01
Record last modified
22/02/2022 19:40