Cyber forensics, Computer forensics, Hashing (Computer science)
Computer Engineering | Electrical and Computer Engineering | Forensic Science and Technology
Investigating seized devices within digital forensics represents a challenging task due to the increasing amount of data. Common procedures utilize automated file identification, which reduces the amount of data an investigator has to examine manually. In the past years the research field of approximate matching arises to detect similar data. However, if n denotes the number of similarity digests in a database, then the lookup for a single similarity digest is of complexity of O(n). This paper presents a concept to extend existing approximate matching algorithms, which reduces the lookup complexity from O(n) to O(log(n)). Our proposed approach is based on the well-known divide and conquer paradigm and builds a Bloom filter-based tree data structure in order to enable an efficient lookup of similarity digests. Further, it is demonstrated that the presented technique is highly scalable operating a trade-off between storage requirements and computational efficiency. We perform a theoretical assessment based on recently published results and reasonable magnitudes of input data, and show that the complexity reduction achieved by the proposed technique yields a 220-fold acceleration of look-up costs.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Breitinger, Frank; Rathgeb, Christian; and Baier, Harald, "An Efficient Similarity Digests Database Lookup -- a Logarithmic Divide and Conquer Approach" (2014). Electrical & Computer Engineering and Computer Science Faculty Publications. 7.
Breitinger, F. , Rathgeb, C., and Baier, H. (2014) An efficient similarity digests database lookup -- a logarithmic divide and conquer approach. Journal of Digital Forensics, Security and Law 9(2): 152-166.