Improving the sdhash tool for identifying similar artifacts in forensic investigations
Abstract
Forensic investigations nowadays have to deal with large amounts of data due to the development of technology, making it impractical to manually analyze each case. For this reason, methods that reduce the time needed in an investigation while remaining effective at finding evidence are necessary. In this work, we show how to improve the performance and precision of one of the most consolidated approximate matching tools in the area, sdhash. Our results show that the modified tool is capable of identifying similarities between different artifacts in an easier and faster way.
