Document Type
Article
Publication Date
2016
Subject: LCSH
Local area networks (Computer networks)--Traffic, Cyber forensics, Computer forensics, Hashing (Computer science)
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception of approximate matching, the community has constructed numerous algorithms, extensions, and additional applications for this technology, and is still working on novel concepts to improve the status quo. In this survey article, we conduct a high-level review of the existing literature from a non-technical perspective and summarize the existing body of knowledge in approximate matching, with special focus on bytewise algorithms. Our contribution allows researchers and practitioners to receive an overview of the state of the art of approximate matching so that they may understand the capabilities and challenges of the field. Simply, we present the terminology, use cases, classification, requirements, testing methods, algorithms, applications, and a list of primary and secondary literature.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Repository Citation
Harichandran, Vikram S.; Breitinger, Frank; and Baggili, Ibrahim, "Bytewise Approximate Matching: The Good, The Bad, and The Unknown" (2016). Electrical & Computer Engineering and Computer Science Faculty Publications. 58.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/58
Publisher Citation
Harichandran, Vikram S., Frank Breitinger, and Ibrahim Baggili. "Bytewise Approximate Matching: The Good, The Bad, and The Unknown." Journal of Digital Forensics, Security and Law, 11, no. 2 (2016): 59-78.
Included in
Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Comments
Copyright (c) 2016 Journal of Digital Forensics, Security and Law http://www.jdfsl.org/
Dr. Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.