liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
File Type Identification of Data Fragments by Their Binary Structure
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2006 (English)In: IEEE Systems, Man and Cybernetics Society Information Assurance Workshop,2006, Piscataway, NJ, USA: IEEE , 2006, 140- p.Conference paper, Published paper (Refereed)
Abstract [en]

Rapidly gaining information superiority is vital when fighting an enemy, but current computer forensics tools, which require file headers or a working file system to function, do not enable us to quickly map out the contents of corrupted hard disks or other fragmented storage media found at crime scenes. The lack of proper tools slows down the hunt for information, which would otherwise help in gaining the upper hand against IT based perpetrators. To address this problem, this paper presents an algorithm which allows categorization of data fragments based solely on their structure, without the need for any meta data. The algorithm is based on measuring the rate of change of the byte contents of digital media and extends the byte frequency distribution based Oscar method presented in an earlier paper. The evaluation of the new method shows a detection rate of 99.2 %, without generating any false positives, when used to scan for JPEG data. The slowest implementation of the algorithm scans a 72.2 MB file in approximately 2.5 seconds and scales linearly.

Place, publisher, year, edition, pages
Piscataway, NJ, USA: IEEE , 2006. 140- p.
Keyword [en]
security, forensics
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-34506Local ID: 21568OAI: oai:DiVA.org:liu-34506DiVA: diva2:255354
Conference
IEEE Systems, Man and Cybernetics Society Information Assurance Workshop,2006
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2014-06-24

Open Access in DiVA

No full text

Authority records BETA

Karresand, MartinShahmehri, Nahid

Search in DiVA

By author/editor
Karresand, MartinShahmehri, Nahid
By organisation
The Institute of TechnologyDatabase and information techniques
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 97 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf