Understanding the effects of removing common blocks on Approximate Matching scores under different scenarios for digital forensic investigations

Mapping Intimacies ◽

10.5753/sbseg.2019.13966 ◽

2019 ◽

Author(s):

Vitor Hugo Moia ◽

Frank Breitinger ◽

Marco Aurélio Henriques

Keyword(s):

Data Structures ◽

Digital Forensics ◽

Similarity Score ◽

Approximate Matching ◽

Similarity Detection ◽

Digital Forensic ◽

Compact Representations ◽

Forensic Investigations ◽

New Interpretation ◽

Digital Forensic Investigations

Finding similarity in digital forensics investigations can be assisted with the use of Approximate Matching (AM) functions. These algorithms create small and compact representations of objects (similar to hashes) which can be compared to identify similarity. However, often results are biased due to common blocks (data structures found in many different ﬁles regardless of content). In this paper, we evaluate the precision and recall metrics for AM functions when removing common blocks. In detail, we analyze how the similarity score changes and impacts different investigation scenarios. Results show that many irrelevant matches can be ﬁltered out and that a new interpretation of the score allows a better similarity detection.

Download Full-text

Towards automated preprocessing of bulk data in digital forensic investigations using hash functions

it - Information Technology ◽

10.1515/itit-2015-0023 ◽

2015 ◽

Vol 57 (6) ◽

Author(s):

Harald Baier

Keyword(s):

Data Structures ◽

Digital Forensics ◽

Hash Functions ◽

Site Investigation ◽

Process Models ◽

Approximate Matching ◽

Digital Forensic ◽

Bulk Data ◽

Digital Forensic Investigations ◽

Cryptographic Hash Functions

AbstractHandling bulk data (e. g. some terabytes of data) is a issue in contemporary digital forensics. Separating relevant data structures from irrelevant ones resembles finding the needle in the haystack. The article at hand presents and assesses automatic hash-based techniques to preprocess the input data with the goal to facilitate the investigator's job. We discuss concepts like blacklisting and whitelisting based on cryptographic hash functions and approximate matching, respectively. In case of two established process models for a lab and an on-site investigation, respectively, we describe how to jointly use these techniques to automatically get a pointer to the needle.

Download Full-text

User-Contributory Case-Based Reasoning for Digital Forensic Investigations

2012 Third International Conference on Emerging Security Technologies ◽

10.1109/est.2012.35 ◽

2012 ◽

Author(s):

Graeme Horsman ◽

Christopher Laing ◽

Paul Vickers

Keyword(s):

Case Based Reasoning ◽

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations ◽

Download Full-text

Digital Forensic Investigations: Issues of Intangibility, Complications and Inconsistencies in Cyber-crimes

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.425 ◽

2016 ◽

Vol 4 (2) ◽

pp. 87-104 ◽

Author(s):

Ezer Osei Yeboah-Boateng ◽

Elvis Akwa-Bonsu ◽

◽

Keyword(s):

Digital Forensic ◽

Forensic Investigations ◽

Cyber Crimes ◽

Digital Forensic Investigations

Download Full-text

Embedding Hercule Poirot in Networks: Addressing Inefficiencies in Digital Forensic Investigations

Foundations of Augmented Cognition - Lecture Notes in Computer Science ◽

10.1007/978-3-540-73216-7_41 ◽

2007 ◽

pp. 364-372 ◽

Author(s):

Barbara Endicott-Popovsky ◽

Deborah A. Frincke

Keyword(s):

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Legal Challenges in Digital Forensic Investigations

Cybercrime and Digital Forensics ◽

10.4324/9781315296975-14 ◽

2017 ◽

pp. 571-621

Author(s):

Thomas J. Holt ◽

Adam M. Bossler ◽

Kathryn C. Seigfried-Spellar

Keyword(s):

Digital Forensic ◽

Legal Challenges ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Impact of Cloud Computing on Digital Forensic Investigations

Advances in Digital Forensics IX - IFIP Advances in Information and Communication Technology ◽

10.1007/978-3-642-41148-9_20 ◽

2013 ◽

pp. 291-303 ◽

Author(s):

Stephen O’Shaughnessy ◽

Anthony Keane

Keyword(s):

Cloud Computing ◽

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Measuring Evidential Weight in Digital Forensic Investigations

Advances in Digital Forensics XIV - IFIP Advances in Information and Communication Technology ◽

10.1007/978-3-319-99277-8_1 ◽

2018 ◽

pp. 3-10

Author(s):

Richard Overill ◽

Kam-Pui Chow

Keyword(s):

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Part 2:- quality assurance mechanisms for digital forensic investigations: Knowledge sharing and the Capsule of Digital Evidence (CODE)

Forensic Science International: Reports ◽

10.1016/j.fsir.2019.100035 ◽

2020 ◽

Vol 2 ◽

pp. 100035

Author(s):

Graeme Horsman

Keyword(s):

Quality Assurance ◽

Knowledge Sharing ◽

Digital Evidence ◽

Evidence Code ◽

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Forensic of Things: Revisiting Digital Forensic Investigations in Internet of Things

2019 4th International Conference on Emerging Trends in Engineering, Sciences and Technology (ICEEST) ◽

10.1109/iceest48626.2019.8981675 ◽

2019 ◽

Author(s):

Taimur Bakhshi

Keyword(s):

Internet Of Things ◽

Digital Forensic ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text

Role of Multimedia Information Retrieval in Providing a Credible Evidence for Digital Forensic Investigations: Open Source Intelligence Investigation Analysis

10.5121/csit.2020.101002 ◽

2020 ◽

Author(s):

Amr Adel ◽

Brian Cusack

Keyword(s):

Information Retrieval ◽

Multimedia Information ◽

Open Source ◽

Multimedia Information Retrieval ◽

Digital Forensic ◽

Open Source Intelligence ◽

Forensic Investigations ◽

Digital Forensic Investigations

Download Full-text