Name
Abstract | ||
|---|---|---|
Sub-file hashing and hash-based carving are increasingly popular methods in digital forensics to detect files on hard drives that are incomplete or have been partially overwritten/modified. While these techniques have been shown to be usable in practice and can be implemented efficiently, they face the problem that a-priori specific “target files” need to be available and at hand. While it is always feasible and, in fact, trivial to create case-specific sub-file hash collections, we propose the creation of case-independent sub-file hash databases. For facilitating hash databases which can be publicly shared among investigators, we propose the usage of data from peer-to-peer file sharing networks such as BitTorrent. Most of the file sharing networks in use today rely on large quantities of hash values for integrity checking and chunk identification, and can be leveraged for digital forensics. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1016/j.diin.2016.04.011 | Digital Investigation |
Keywords | DocType | Volume |
Sub-file hashing,Hash-based carving,File whitelisting,p2p file sharing | Journal | 18 |
Issue | ISSN | Citations |
SUPnan | 1742-2876 | 0 |
PageRank | References | Authors |
0.34 | 0 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Sebastian Neuner | 1 | 73 | 6.06 |
| martin schmiedecker | 2 | 16 | 3.06 |
| Edgar Weippl | 3 | 20 | 10.62 |