File Type Identification of Data Fragments by Their Binary Structure

Martin Karresand and Nahid Shahmehri

The 7th IEEE Information Assurance Workshop (IAWorkshop 2006), West Point, New York, USA, June 21-23, 2006

Abstract

Rapidly gaining information superiority is vital when fighting an enemy, but the current computer forensics tools, which require file headers or a working file system to function, do not enable us to quickly map out the contents of corrupted hard disks or other fragmented storage media found at crime scenes. The lack of proper tools slows down the hunt for information, which would otherwise help us get the upper hand against IT-based perpetrators. Therefore this paper presents an algorithm which allows categorization of data fragments based solely on their structure, without the need for any metadata. The algorithm is based on measuring the rate of change of the byte contents of digital media and extends the byte-frequency-distribution-based XXXX method presented in an earlier paper. The evaluation of the new method shows a detection rate of 99.2%, without generating any false positives, when used to scan for JPEG data. The slowest implementation of the algorithm scans a 72.2 MB file in approximately 2.5 seconds and scales linearly.