File Fragment Classification---The Case for Specialized Approaches
Garfinkel_ File_Fragment_2009.SADFE.Fragments.pdf (354.7Kb)Date
2009Metadata
Show full item recordAbstract
Increasingly advances in file carving, memory analysis and network forensics requires the
ability to identify the underlying type of a file given only a file fragment. Work to date on this
problem has relied on identification of specific byte sequences in file headers and footers, and
the use of statistical analysis and machine learning algorithms taken from the middle of the
file. We argue that these approaches are fundamentally flawed because they fail to consider
the inherent internal structure in widely used file types such as PDF, DOC, and ZIP. We
support our argument with a bottom-up examination of some popular formats and an analysis
of TK PDF files. Based on our analysis, we argue that specialized methods targeted to each
specific file type will be necessary to make progress in this area.
Description
Systematic Approaches to Digital Forensics Engineering
Refereed Conference Paper
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Diesel Submarine Support to SOF
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N062-AGiven the limited availability of submarines to support SOF and the potential to save billions of dollars, as well as improve a capability through quiet, shallow-water capable submarines, a review of potential diesel-electric ... -
Diesel Submarine Support to SOF
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N062-AGiven the limited availability of submarines to support SOF and the potential to save billions of dollars, as well as improve a capability through quiet, shallow-water capable submarines, a review of potential diesel-electric ... -
Maritime Strategy and Naval Innovation (Continuation)
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N001-AThis project is a continuation of ongoing support by NPS to the work of N50 to further refining and improving the Navy's strategy development and implementation processes. This will be the fourth year of support to the ...
