Merging changes in XML documents using reliable context fingerprints
Proceedings of the eighth ACM symposium on Document engineering
Automated Windows Memory File Extraction for Cyber Forensics Investigation
Journal of Digital Forensic Practice
Effective whitelisting for filesystem forensics
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
iCTPH: an approach to publish and lookup CTPH digests in chord
ICA3PP'10 Proceedings of the 10th international conference on Algorithms and Architectures for Parallel Processing - Volume Part II
A comparison of forensic evidence recovery techniques for a windows mobile smart phone
Digital Investigation: The International Journal of Digital Forensics & Incident Response
The persistence of memory: Forensic identification and extraction of cryptographic keys
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A system for the proactive, continuous, and efficient collection of digital forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
An evaluation of forensic similarity hashes
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A structure free self-adaptive piecewise hashing algorithm for spam filtering
Proceedings of the Fifth International Conference on Internet Multimedia Computing and Service
Delta: automatic identification of unknown web-based infection campaigns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
AndroSimilar: robust statistical feature signature for Android malware detection
Proceedings of the 6th International Conference on Security of Information and Networks
SigMal: a static signal processing based malware triage
Proceedings of the 29th Annual Computer Security Applications Conference
Hi-index | 0.00 |
Homologous files share identical sets of bits in the same order. Because such files are not completely identical, traditional techniques such as cryptographic hashing cannot be used to identify them. This paper introduces a new technique for constructing hash signatures by combining a number of traditional hashes whose boundaries are determined by the context of the input. These signatures can be used to identify modified versions of known files even if data has been inserted, modified, or deleted in the new files. The description of this method is followed by a brief analysis of its performance and some sample applications to computer forensics.