File Fragment Classification---The Case for Specialized Approaches
Increasingly, advances in file carving, memory analysis and network forensics require the ability to identify the underlying type of a file given only a file fragment. Work to date on this problem has relied on identification of specific byte sequences in file headers and footers, and on statistical analysis and machine learning algorithms applied to data taken from the middle of the file. We argue that these approaches are fundamentally flawed because they fail to consider the inherent internal structure in widely used file types such as PDF, DOC, and ZIP. We support our argument with a bottom-up examination of some popular formats and an analysis of TK PDF files. Based on our analysis, we argue that specialized methods targeted to each specific file type will be necessary to make progress in this area.
Systematic Approaches to Digital Forensics Engineering
Refereed Conference Paper
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.