Author: Johan Garcia

Affiliation: Karlstad University, Sweden

Keyword(s): Hashing, Digital Forensics, File Size Distributions.

Related Ontology Subjects/Areas/Topics: Data Engineering ; Data Integrity ; Databases and Data Security ; Digital Forensics ; Information and Systems Security

Abstract: Hashing is a widely used technique in digital forensic practice. By using file size information in addition to hashes, hash matching can potentially be made more effective, since there is no need to calculate a hash value if no file in the hash set has the same file size as the file being examined. Based on an examination of 36 million file sizes from five different data sets, this paper provides a quantification of the obtainable improvements. For the evaluated data sets, the file reduction, i.e. the fraction of files that can be skipped without hash calculations, ranged from 0.009 to 0.525. The byte reduction, i.e. the fraction of bytes that can be skipped, ranged from 0.514 to 0.992. Simulation results showed that in many cases these reductions could decrease the time necessary for hash scanning by 50% or more.
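
The size pre-filter described in the abstract, as an added sketch that is not code from the paper: a file is hashed only when the hash set contains an entry of the same size, and the file reduction and byte reduction are computed as the abstract defines them. SHA-256, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib, os, tempfile
from collections import defaultdict

def sha256_file(path, chunk=1 << 20):
    """Hash a file in fixed-size chunks so large evidence files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_index(hash_set):
    """hash_set: iterable of (size, digest). Returns size -> set of digests."""
    index = defaultdict(set)
    for size, digest in hash_set:
        index[size].add(digest)
    return index

def scan(paths, index):
    """Return (matching names, file reduction, byte reduction) for paths."""
    matches, n_files, n_bytes, skip_files, skip_bytes = [], 0, 0, 0, 0
    for path in paths:
        size = os.path.getsize(path)      # metadata lookup, no content read
        n_files += 1
        n_bytes += size
        candidates = index.get(size)
        if not candidates:                # no known file of this size: skip hashing
            skip_files += 1
            skip_bytes += size
            continue
        if sha256_file(path) in candidates:
            matches.append(os.path.basename(path))
    file_red = skip_files / n_files if n_files else 0.0
    byte_red = skip_bytes / n_bytes if n_bytes else 0.0
    return matches, file_red, byte_red

def demo():
    # Constructed sample data: two known files, four files under examination.
    known = [b"A" * 1000, b"B" * 4096]
    hash_set = [(len(d), hashlib.sha256(d).hexdigest()) for d in known]
    samples = {"f1.bin": b"A" * 1000, "f2.bin": b"C" * 1000,
               "f3.bin": b"D" * 6000, "f4.bin": b"E" * 2000}
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in sorted(samples.items()):
            p = os.path.join(tmp, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        return scan(paths, build_index(hash_set))

if __name__ == "__main__":
    print(demo())
```

In the constructed sample, f2.bin shares a size with a known file and so must still be hashed even though it does not match; only f3.bin and f4.bin are skipped.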

CC BY-NC-ND 4.0

Paper citation in several formats:
Garcia, J. (2012). Quantifying the Benefits of File Size Information for Forensic Hash Matching. In Proceedings of the International Conference on Security and Cryptography (ICETE 2012) - SECRYPT; ISBN 978-989-8565-24-2; ISSN 2184-3236, SciTePress, pages 333-338. DOI: 10.5220/0004077303330338

@conference{secrypt12,
author={Johan Garcia},
title={Quantifying the Benefits of File Size Information for Forensic Hash Matching},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2012) - SECRYPT},
year={2012},
pages={333-338},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004077303330338},
isbn={978-989-8565-24-2},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2012) - SECRYPT
TI - Quantifying the Benefits of File Size Information for Forensic Hash Matching
SN - 978-989-8565-24-2
IS - 2184-3236
AU - Garcia, J.
PY - 2012
SP - 333
EP - 338
DO - 10.5220/0004077303330338
PB - SciTePress