liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Oscar - File Type Identification of Binary Data in Disk Clusters and RAM Pages
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2006 (English)In: IFIP TC-11 International Information Security Conference SEC,2006, New York, NY, USA: Springer , 2006, 413- p.Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes a method, called Oscar, for determining the probable file type of binary data fragments. The Oscar method is based on building models, called centroids, of the mean and standard deviation of the byte frequency distribution of different file types. A weighted quadratic distance metric is then used to measure the distance between the centroid and sample data fragments. If the distance falls below a threshold, the sample is categorized as probably belonging to the modelled file type. Oscar is tested using JPEG pictures and is shown to give a high categorization accuracy, i.e. high detection rate and low false positives rate. By using a practical example we demonstrate how to use the Oscar method to prove the existence of known pictures based on fragments of them found in RAM and the swap partition of a computer.

Place, publisher, year, edition, pages
New York, NY, USA: Springer , 2006. 413- p.
Keyword [en]
security, forensics
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-34487DOI: 10.1007/0-387-33406-8_35Local ID: 21529OAI: oai:DiVA.org:liu-34487DiVA: diva2:255335
Conference
IFIP TC-11 International Information Security Conference SEC,2006
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2014-06-24

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Karresand, MartinShahmehri, Nahid

Search in DiVA

By author/editor
Karresand, MartinShahmehri, Nahid
By organisation
The Institute of TechnologyDatabase and information techniques
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 149 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf