Skip to main content
Conference ProceedingsOPEN ACCESS

Managing terabyte-scale investigations with similarity digests

IFIP Advances in Information and Communication Technology (2012) 383 AICT 19-34
DOI: 10.1007/978-3-642-33962-2_2
16Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The relentless increase in storage capacity and decrease in storage cost present an escalating challenge for digital forensic investigations - current forensic technologies are not designed to scale to the degree necessary to process the ever increasing volumes of digital evidence. This paper describes a similarity-digest-based approach that scales up the task of finding related digital artifacts in massive data sets. The results show that digests can be generated at rates exceeding those of cryptographic hashes on commodity multi-core computing systems. Also, the querying of the digest of a large (1 TB) target for the (trace) presence of a small file can be completed in less than one second with very high precision and recall rates. © 2012 IFIP International Federation for Information Processing.

Author supplied keywords

Cite

CITATION STYLE

APA

Roussev, V. (2012). Managing terabyte-scale investigations with similarity digests. In IFIP Advances in Information and Communication Technology (Vol. 383 AICT, pp. 19–34). https://doi.org/10.1007/978-3-642-33962-2_2

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free