Testing the forensic interestingness of image files based on size and type
Loading...
Authors
Goldberg, Raymond M.
Subjects
Real Drive Corpus
scanning
white listing
known files database
scanning
white listing
known files database
Advisors
Rowe, Neil C.
Date of Issue
2017-09
Date
Sep-17
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
In this thesis, we investigate the relationship between the size and type of a file and its forensic usefulness. We investigate GIF, MP3, MP4, PNG, and JPEG files found in a large collection called the Real Drive Corpus, and the files’ classification as software-based, entertainment-based, or personal. Results of these experiments were compared to prior work to find interesting files. Results show that the previous experiments were effective at marking interesting files as interesting, but there were still a lot of uninteresting files that were marked as interesting. Also, the results do not show a correlation between the interestingness of a file, its type, and its size.
Type
Thesis
Description
Series/Report No
Department
Information Sciences (IS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.