The Community for Technology Leaders
RSS Icon
Issue No.12 - Dec. (2012 vol.45)
pp: 28-35
Joel Young , Naval Postgraduate School
Kristina Foster , Naval Postgraduate School
Simson Garfinkel , Naval Postgraduate School
Kevin Fairbanks , Johns Hopkins University
Using an alternative approach to traditional file hashing, digital forensic investigators can hash individually sampled subject drives on sector boundaries and then check these hashes against a prebuilt database, making it possible to process raw media without reference to the underlying file system.
Digital forensics, Malware, Computers, Forensics, File systems, Cryptography, sector hashing, digital forensics, computer security
Joel Young, Kristina Foster, Simson Garfinkel, Kevin Fairbanks, "Distinct Sector Hashes for Target File Detection", Computer, vol.45, no. 12, pp. 28-35, Dec. 2012, doi:10.1109/MC.2012.327
1. S. Garfinkel et al., “, Using Purpose-Built Functions and Block Hashes to Enable Small Block and Sub-File Forensics,” Digital Investigation, Aug. 2010, pp. S13-S23; .
2. S. Garfinkel et al., “Bringing Science to Digital Forensics with Standardized Forensic Corpora,” Digital Investigation, Sept. 2009, pp. S2-S11; .
3. D. Quist, “State of Offensive Computing,” blog, 7 July 2012;
4. E.M. Bakker, J. van Leeuwen, and R.B. Tan, “Prefix Routing Schemes in Dynamic Networks,” Computer Networks and ISDN Systems, Dec. 1993, pp. 403-421.
5. B.H. Bloom, “Space/Time Trade-Offs in Hash Coding with Allowable Errors,” Comm. ACM, July 1970, pp. 422-426.
6. P. Farrell, S.L. Garfinkel, and D. White, “Practical Applications of Bloom Filters to the NIST RDS and Hard Drive Triage,” Proc. Ann. Computer Security Applications Conf. (ACSAC 08), IEEE CS, 2008, pp. 13-22.
700 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool