The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2009 vol.7)
pp: 49-55
Vassil Roussev , University of New Orleans
ABSTRACT
The complexity of digital forensic analysis continues to grow in lockstep with the rapid growth of the size of forensic targets. Forensic examiners rely heavily on hash-based techniques to quickly and efficiently screen the data for known objects. Recent research has considerably expanded the range of hash-based techniques to include adaptations of data-fingerprinting methods from other domains. The authors describe the driving problems that motivate R&D in this area, and survey both established practices and recent research advances.
INDEX TERMS
digital forensics, hashing, fingerprinting, security
CITATION
Vassil Roussev, "Hashing and Data Fingerprinting in Digital Forensics", IEEE Security & Privacy, vol.7, no. 2, pp. 49-55, March/April 2009, doi:10.1109/MSP.2009.40
REFERENCES
1. R. Richardson, "2007 CSI Computer Crime and Security Survey," Computer Security Inst., 2007.
2. Regional Computer Forensics Laboratory Program Annual Report FY2007, US Federal Bureau of Investigation, 2007; www.rcfl.gov/downloads/documentsRCFL_Nat_Annual07.pdf .
3. P. Roberts, "DOD Seized 60TB in Search for Iraq Battle Plan Leak," Computerworld (Australia), 31 Jan. 2005; www.computerworld.com.au/index.phpid;266473746 .
4. RCFL Program Annual Report for Fiscal Year 2006, US Federal Bureau of Investigation, 2006; www.rcfl.gov/downloads/documentsRCFL_Nat_Annual06.pdf .
5. B. Bloom, "Space/Time Tradeoffs in Hash Coding with Allowable Errors," Comm. ACM, vol. 13, no. 7, 1970, pp. 422–426.
6. A. Broder and M. Mitzenmatcher, "Network Applications of Bloom Filters: A Survey," Proc. Ann. -Allerton Conf. Communication, Control, and Computing, 2002; www.eecs.harvard.edu/~michaelm/NEWWORK/postscripts BloomFilterSurvey.pdf.
7. M.O. Rabin, Fingerprinting by Random Polynomials, tech. report 15-81, Center for Research in Computing Technology, Harvard Univ., 1981.
8. R. Karp and M. Rabin, "Efficient Randomized Pattern-Matching Algorithms," IBM J. Research and Development, vol. 31, no. 2, 1987, pp. 249–260.
9. U. Manber, "Finding Similar Files in a Large File System," Proc. Usenix Winter 1994 Technical Conf., Usenix Assoc., 1994, pp. 1–10.
10. S. Brin, J. Davis, and H. Garcia-Molina, "Copy Detection Mechanisms for Digital Documents," Proc. 1995 ACM SIGMOD Int'l Conf. Management of Data, ACM Press, 1995, pp. 398–409.
11. A. Broder, S. Glassman, and M. Manasse, "Syntactic Clustering of the Web," SRC Technical Note 1997-015, Digital Equipment Corp., 25 July 1997.
12. H. Kim and B. Karp, "Autograph: Toward Automated, Distributed Worm Signature Detection," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 271–286.
13. K. Shanmugasundaram, H. Brönnimann, and N. Memon, "Payload Attribution via Hierarchical Bloom Filters," Proc. 11th ACM Conf. Computer and Communications Security, ACM Press, 2004, pp. 31–41.
14. C.Y. Cho et al., "Network Forensics on Packet Fingerprints," Security and Privacy in Dynamic Environments, Springer, 2006, pp. 401–412.
15. S. Schleimer, D. Wilkerson, and A. Aiken, "Winnowing: Local Algorithms for Document Fingerprinting," Proc. 2003 ACM SIGMOD Int'l Conf. Management of Data, ACM Press, 2003, pp. 76–85.
16. M. Ponec et al., "Highly Efficient Techniques for Network Forensics," Proc. 14th ACM Conf. Computer and Communications Security, ACM Press, 2007, pp. 150–160.
17. J. Kornblum, "Identifying Almost Identical Files Using Context Triggered Piecewise Hashing," Proc. 6th Ann. Digital Forensics Research Workshop Conf. (DFRWS 06), Elsevier, 2006, pp. S91–S97; www.dfrws.org/2006/proceedings12-Kornblum.pdf .
18. V. Roussev et al., "md5bloom: Forensic Filesystem Hashing Revisited," Proc. 6th Ann. Digital Forensics Research Workshop Conf. (DFRWS 06), Elsevier, 2006, pp. S82–S90; www.dfrws.org/2006/proceedings11-Roussev.pdf .
19. V. Roussev, G.G. Richard III, and L. Marziale, "Multi-resolution Similarity Hashing," Proc. 7th Ann. Digital Forensics Research Workshop Conf. (DFRWS 07), Elsevier, 2007, pp. S105–S113; www.dfrws.org/2007/proceedingsp105-roussev.pdf .
15 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool