One of the biggest challenges in file fragment classification is the low classification rate for compound files, known as high-entropy files, that contain different types of data, such as images and compressed text. Current methods for file fragment classification may not work for classifying these compound files. In this paper we propose a novel approach based on detecting deflate-encoded data in compound file fragments and then decompressing that data before applying a machine learning technique for classification. We apply our proposed method to classify the Adobe Portable Document Format (PDF) file type. Experiments showed a high classification rate for the proposed method.
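The detect-then-decompress step described above, as an added illustration (not the authors' code or their detection method): it assumes the deflate data is zlib-wrapped, as PDF FlateDecode streams are, inflates any such stream found in a fragment even when the fragment boundary truncates it, and lets you compare byte entropy before and after. All function names and the sample fragment are constructed for this example.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def is_zlib_header(cmf: int, flg: int) -> bool:
    # RFC 1950: CM=8 (deflate), window <= 32 KiB, no preset dictionary,
    # and the 16-bit header is a multiple of 31.
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and not flg & 0x20 \
        and ((cmf << 8) | flg) % 31 == 0

def inflate_streams(fragment: bytes, min_output: int = 64):
    """Return [(offset, inflated_bytes)] for zlib streams in the fragment.
    A stream cut off by the fragment boundary still yields partial output."""
    found, pos = [], 0
    while pos < len(fragment) - 1:
        if is_zlib_header(fragment[pos], fragment[pos + 1]):
            d = zlib.decompressobj()
            try:
                out = d.decompress(fragment[pos:])
            except zlib.error:
                out = b""  # header-like bytes, not a real stream
            if len(out) >= min_output:
                found.append((pos, out))
                pos = len(fragment) - len(d.unused_data)  # skip past the stream
                continue
        pos += 1
    return found

def build_sample_fragment(size: int = 4096):
    """Constructed sample: a 4 KiB fragment cut from a PDF-like object."""
    rng = random.Random(0)
    words = [b"fragment", b"entropy", b"deflate", b"stream", b"object", b"font", b"page", b"text"]
    text = b" ".join(rng.choice(words) for _ in range(20000))
    header = b"5 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    return (header + zlib.compress(text))[:size], len(header), text

if __name__ == "__main__":
    fragment, _, _ = build_sample_fragment()
    print(f"raw fragment entropy: {shannon_entropy(fragment):.2f} bits/byte")
    for offset, data in inflate_streams(fragment):
        print(f"stream at {offset}: {len(data)} bytes, entropy {shannon_entropy(data):.2f}")
```

A fragment that begins in the middle of a deflate stream has no zlib header to find, so this sketch does not recover it. The inflated bytes, rather than the raw fragment, are what a classifier's features would then be computed over.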
Nguyen, K., Tran, D., Ma, W., & Sharma, D. (2014). A proposed approach to compound file fragment identification. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8792, pp. 493–500). Springer Verlag. https://doi.org/10.1007/978-3-319-11698-3_38