Research Output

Sub-file Hashing Strategies for Fast Contraband Detection.

  Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast and effective digital forensics triage, and to reduce the time taken to conduct an investigation. This work explores the potential of sub-file cryptographic hashing strategies, where small fragments of files are hashed in lieu of processing the file in its entirety, for contraband detection. Results show that subfile hashing techniques perform well, particularly on solid state media, while also retaining a high degree of discriminating power. Such strategies may offer an opportunity to take advantage of the performance characteristics of non-mechanical media, streamlining future investigations and greatly reducing investigation times.

  • Date:

    31 March 2018

  • Publication Status:

    Accepted

  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005.8 Data security

  • Funders:

    Edinburgh Napier Funded

Citation

McKeown, S., Russell, G., & Leimich, P. (in press). Sub-file Hashing Strategies for Fast Contraband Detection. In Proceedings of the IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018)

Authors

Keywords

sub-file signatures, partial-file analysis, hashing strategies, digital forensics, cryptographic hashing

Monthly Views:

Available Documents