Forensic corpus data reduction techniques for faster analysis by eliminating tedious files

Joseph, D. Paul; Norman, Jasmine

doi:10.1080/19393555.2019.1689319

Cited by 8 publications

(19 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…KnTTools, which was developed in 2005, is understood to be the first RAM image acquisition from the operating system and analysis application. The search analysis for running processes and threads was carried out in the RAM image by using KnTTools [4]. Image acquisition, using external hardware, was carried out by using the application AfterLife.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, RAM image acquisition software runs at the kernel mode level. There exist open source and commercial software that acquires RAM images for the Windows operating system [2][3][4]. The RAM images acquired by these software packages are used in RAM analysis and data carving operations.…”

Section: Introductionmentioning

confidence: 99%

“…Various data such as user passwords, images, documents, installed programs, and web addresses that have been visited can be acquired from the RAM by a RAM image analysis [3][4][5][6][7]. String searching, signature scanning, file carving, and data structure analysis methods are used to recover data from the RAM image.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Analysing and Carving MS Word and PDF Files from RAM Images on Windows

2022

Teh. vjesn.

View full text Add to dashboard Cite

In this study, a piece of software has been developed to recover the readable data by carving MS Word and PDF files from the RAM image. String searching, signature scanning, and data carving methods are used in the design of the software. The analysis was performed on a RAM image of 14 GB by using the software that was developed. The success rate for each file was determined by comparing the recovered data to the data in the original file. It was determined that the rate of data recovery decreases as the size of the MS Word or PDF files loaded onto RAM increases. Consequently, it is aimed to be an important example of obtaining electronic evidence from volatile data in forensic informatics with the proposed study.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysing and Carving MS Word and PDF Files from RAM Images on Windows

2022

Teh. vjesn.

View full text Add to dashboard Cite

show abstract

“…For each file in the NSRL collection, the RDS includes 1) cryptographic hash values of the file's content, 2) information about the software package(s) containing the file, 3) the manufacturer of the package, 4) the original name, and 5) the size of the file. Many studies have used the hash list of RDS to identify and filter known benign files [3], [11], [30], and [31].…”

Section: A Index Searching and Filteringmentioning

confidence: 99%

“…The Regional Computer Forensic Laboratory (RCFL) annual reports reveal a significant increase in the number of digital cases and the volume of data [1]. Consequently, digital forensic laboratories experience the accumulation of evidence awaiting analysis [2], [3].…”

Section: Introductionmentioning

confidence: 99%

Developing Software Signature Search Engines Using Paragraph Vector Model: A Triage Approach for Digital Forensics

2021

View full text Add to dashboard Cite

Today, with the growth of information and communication technology, digital crimes have also spread. Advanced storage technologies and their low cost have led to a significant increase in their use. Therefore, the high volume of digital data to be analyzed is a challenge facing digital forensic investigators. Digital forensic triage solutions aim to alleviate the forensic backlog. A promising triage technique is to quickly find the software packages run on the target system to narrow down the search space. In this paper, we propose a software signature search engine (S3E) to identify software on the system under investigation. The document collection of this search engine consists of software signatures, and the query is the features extracted from the system's hard disk. We propose a forensic differential analysis model to build software signatures. Besides, we use the paragraph vector model to construct the corresponding vectors of each software signature and find similarities between the query vector and the signature vectors. Different design parameters are involved in making software signature search engines, and distinct values of these parameters lead to different models. We have measured the performance of these S3E models against several controlled systems and some pseudo-real systems. The experimental results on both datasets show that some S3E models achieve perfect recall, and many of them have a recall of more than 90%. Besides, we find that the recall rate of the S3E models in both datasets is higher than the averaged word2vec model and the TF-IDF model.

show abstract

Social IoT data mining and cyber‐crime forensics under complex cloud environment

Cai

Wang³

2020

Internet Technology Letters

View full text Add to dashboard Cite

Computer forensics is accompanied by the development of computer technology and the emergence of a new form of crime, network crime. The computer log provides a lot of evidence for the computer system to attack crime. Due to the particularity of information technology, it also brings huge information security risks in the whole information process. There are more and more new types of criminal activities which take computer network information system as criminal object and computer network information system as criminal tool. Therefore, it is of great practical significance to crack down on computer network crimes and ensure information security for national economic development and social stability. Different from the traditional social crime, cyber crime is a typical high-tech crime. The evidence of network crime is transmitted and stored in the form of binary digital data through computers or related network devices in the network. The network forensics model based on data mining technology proposed in this paper applies data mining technology to the evidence analysis of network forensics, and makes full use of various mining modes of data mining technology.

show abstract

Forensic corpus data reduction techniques for faster analysis by eliminating tedious files

Cited by 8 publications

References 22 publications

Analysing and Carving MS Word and PDF Files from RAM Images on Windows

Analysing and Carving MS Word and PDF Files from RAM Images on Windows

Developing Software Signature Search Engines Using Paragraph Vector Model: A Triage Approach for Digital Forensics

Social IoT data mining and cyber‐crime forensics under complex cloud environment

Contact Info

Product

Resources

About