Using Approximate Matching to Reduce the Volume of Digital Data
Document Type
Book Chapter
Publication Date
2014
Subject: LCSH
Hashing (Computer science), Computer forensics, Cyber forensics
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
Digital forensic investigators frequently have to search for relevant files in massive digital corpora – a task often compared to finding a needle in a haystack. To address this challenge, investigators typically apply cryptographic hash functions to identify known files. However, cryptographic hashing only allows the detection of files that exactly match the known file hash values or fingerprints. This paper demonstrates the benefits of using approximate matching to locate relevant files. The experiments described in this paper used three test images of Windows XP, Windows 7 and Ubuntu 12.04 systems to evaluate fingerprint-based comparisons. The results reveal that approximate matching can improve file identification – in one case, increasing the identification rate from 1.82% to 23.76%.
DOI
10.1007/978-3-662-44952-3_11
Repository Citation
Breitinger, Frank; Winter, Christian; Yannikos, York; Fink, Tobias; and Seefried, Michael, "Using Approximate Matching to Reduce the Volume of Digital Data" (2014). Electrical & Computer Engineering and Computer Science Faculty Publications. 65.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/65
Publisher Citation
Breitinger, Frank; Winter, Christian; Yannikos, York; Fink, Tobias; Seefried, Michael (2014): Using Approximate Matching to Reduce the Volume of Digital Data. In: Peterson, Gilbert; Shenoi, Sujeet (Ed.): Advances in Digital Forensics X, pp. 149-163, Springer Berlin Heidelberg, 2014, ISBN: 978-3-662-44951-6.
Comments
IFIP Advances in Information and Communication Technology series, Vol. 433