Detecting similar files based on hash and statistical analysis for digital forensic investigation

Kimin Seo, Kyungsoo Lim, Jaemin Choi, Kisik Chang, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)

Abstract

In modern society, rapid increase in using mass storage devices, and it makes forensic examiners find important evidence hardly in the focus of time-consuming. Examiners spend much time to search files related to the case in variety of storage devices. Recently, NIST(National Institute of Standards and Technology) has developed a new database, called NSRL(National Software Reference Library), which contains hash values of trusted operating systems and programs[1]. As establishing this database service in public, NIST contribute to reduce time-consuming in searching file and detecting forgery on the devices. On the other hand, the hash value based detection technique cannot be distinguished the similarity from other files perfectly. In this paper, therefore, we present novel methods for detecting similar files considering the known fuzzy hashing and statistical analysis and developed out prototype tool, called SimFD.

Original languageEnglish
Title of host publicationProceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
DOIs
Publication statusPublished - 2009 Dec 1
Event2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 - Jeju Island, Korea, Republic of
Duration: 2009 Dec 102009 Dec 12

Other

Other2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
CountryKorea, Republic of
CityJeju Island
Period09/12/1009/12/12

Keywords

  • Block-based hash
  • CTPH algorithm
  • Digital forensics
  • Hash
  • Similar files

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Detecting similar files based on hash and statistical analysis for digital forensic investigation'. Together they form a unique fingerprint.

  • Cite this

    Seo, K., Lim, K., Choi, J., Chang, K., & Lee, S. (2009). Detecting similar files based on hash and statistical analysis for digital forensic investigation. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 [5404198] https://doi.org/10.1109/CSA.2009.5404198