Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Using approximate matching to reduce the volume of digital data

 
: Breitinger, Frank; Winter, Christian; Yannikos, York; Fink, Tobias; Seefried, Michael

:

Peterson, G. ; International Federation for Information Processing -IFIP-, Working Group Digital Forensics:
Advances in digital forensics X. 10th IFIP WG 11.9 International Conference 2014 : Vienna, Austria, January 8-10, 2014; Revised selected papers
Berlin: Springer, 2014 (IFIP advances in information and communication technology 433)
ISBN: 3-662-44951-X
ISBN: 978-3-662-44951-6 (Print)
ISBN: 978-3-662-44952-3 (Online)
S.149-163
International Conference on Digital Forensics <10, 2014, Vienna>
Englisch
Konferenzbeitrag
Fraunhofer SIT ()

Abstract
Digital forensic investigators frequently have to search for relevant files in massive digital corpora – a task often compared to finding a needle in a haystack. To address this challenge, investigators typically apply cryptographic hash functions to identify known files. However, cryptographic hashing only allows the detection of files that exactly match the known file hash values or fingerprints. This paper demonstrates the benefits of using approximate matching to locate relevant files. The experiments described in this paper used three test images of Windows XP, Windows 7 and Ubuntu 12.04 systems to evaluate fingerprint-based comparisons. The results reveal that approximate matching can improve file identification – in one case, increasing the identification rate from 1.82% to 23.76%.

: http://publica.fraunhofer.de/dokumente/N-349954.html