A new approach for creating forensic hashsets

Abstract

The large amounts of data that have to be processed and analyzed by forensic investigators are a growing challenge. Using hashsets of known files to identify and filter irrelevant files in forensic investigations is not as effective as it could be, especially in non-English-speaking countries. This paper describes the application of data mining techniques to identify irrelevant files from a sample of computers from a country or geographical region. The hashsets corresponding to these files are augmented with an optimized subset of effective hash values chosen from a conventional hash database. Experiments using real evidence demonstrate that the resulting augmented hashset yields 30.69% better filtering results than a conventional hashset although it has approximately half as many (51.83%) hash values. © 2012 IFIP International Federation for Information Processing.

Citation (APA)

Ruback, M., Hoelz, B., & Ralha, C. (2012). A new approach for creating forensic hashsets. In IFIP Advances in Information and Communication Technology (Vol. 383 AICT, pp. 83–97). Springer New York LLC. https://doi.org/10.1007/978-3-642-33962-2_6
