Prefix routing schemes in dynamic networks
Computer Networks and ISDN Systems
Statistical Disk Cluster Classification for File Carving
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
SÁDI - Statistical Analysis for Data Type Identification
SADFE '08 Proceedings of the 2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering
An Empirical Analysis of Disk Sector Hashes for Data Carving
Journal of Digital Forensic Practice
Practical Applications of Bloom Filters to the NIST RDS and Hard Drive Triage
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
FAWN: a fast array of wimpy nodes
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
File Fragment Classification-The Case for Specialized Approaches
SADFE '09 Proceedings of the 2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering
Predicting the types of file fragments
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Forensic feature extraction and cross-drive analysis
Digital Investigation: The International Journal of Digital Forensics & Incident Response
| Hi-index | 0.00 |
This paper explores the use of purpose-built functions and cryptographic hashes of small data blocks for identifying data in sectors, file fragments, and entire files. It introduces and defines the concept of a ''distinct'' disk sector-a sector that is unlikely to exist elsewhere except as a copy of the original. Techniques are presented for improved detection of JPEG, MPEG and compressed data; for rapidly classifying the forensic contents of a drive using random sampling; and for carving data based on sector hashes.