Show simple item record

dc.contributor.authorRoussev, Vassil
dc.contributor.authorGarfinkel, Simson
dc.date.accessioned2015-01-07T22:14:11Z
dc.date.available2015-01-07T22:14:11Z
dc.date.issued2009
dc.identifier.citationRoussev, Vassil, and Garfinkel, Simson, File Fragment Classification---The Case for Specialized Approaches, Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22)
dc.identifier.urihttp://hdl.handle.net/10945/44254
dc.descriptionSystematic Approaches to Digital Forensics Engineeringen_US
dc.descriptionRefereed Conference Paperen_US
dc.description.abstractIncreasingly advances in file carving, memory analysis and network forensics requires the ability to identify the underlying type of a file given only a file fragment. Work to date on this problem has relied on identification of specific byte sequences in file headers and footers, and the use of statistical analysis and machine learning algorithms taken from the middle of the file. We argue that these approaches are fundamentally flawed because they fail to consider the inherent internal structure in widely used file types such as PDF, DOC, and ZIP. We support our argument with a bottom-up examination of some popular formats and an analysis of TK PDF files. Based on our analysis, we argue that specialized methods targeted to each specific file type will be necessary to make progress in this area.en_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleFile Fragment Classification---The Case for Specialized Approachesen_US
dc.typePaperen_US
dc.contributor.departmentComputer Science (CS)


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record