Title
Security Aspects of Piecewise Hashing in Computer Forensics
Type
conference/colloquium paper
Institution
External
Author(s)
Baier, Harald
Author
Breitinger, Frank
Author
Publisher
IEEE
Title of book or conference/colloquium
2011 Sixth International Conference on IT Security Incident Management and IT Forensics
ISBN
9781457701467
Publication status
Published
Publication date
2011-05
Language
English
Abstract
Although hash functions are a well-known method in computer science to map arbitrarily large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process, hash values of files are generated and stored in a database; typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files, which he finds on a storage medium, and performs lookups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum’s approach. Furthermore, we present a pseudo random number generator being both more efficient and more random compared to Kornblum’s pseudo random number generator.
PID Serval
serval:BIB_2A7C86934A43
Creation date
2021-05-06T10:01:54.285Z
Creation date in IRIS
2025-05-20T20:08:13Z