Abstract. For digital forensics, eliminating the uninteresting is often more critical than finding the interesting. We define “uninteresting ” as containing no useful information about users of a drive, a definition which applies to most criminal investigations. Matching file hash values to those in published hash sets is the standard method, but these sets have limited coverage. This work com-pared nine automated methods of finding additional uninteresting files: (1) fre-quent hash values, (2) frequent paths, (3) frequent filename-directory pairs, (4) unusually busy times for a drive, (5) unusually busy weeks for a corpus, (6) unusually frequent file sizes, (7) membership in directories containing mostly-known files, (8) known uninterestin...
There are many limitations when using file hashes to identify known content. Because changing just a...
Digital forensic investigators frequently have to search for relevant files in massive digital corpo...
Handling forensic investigations gets more and more difficult as the amount of data one has to analy...
Abstract: We describe a tool Dirim for automatically finding files on a drive that are anomalous or ...
Part 2: FORENSIC TECHNIQUESInternational audienceThe large amounts of data that have to be processed...
The article of record as published may be found at https://doi.org/10.1016/j.diin.2015.05.001Hash-ba...
AbstractHash-based carving is a technique for detecting the presence of specific “target files” on d...
Similarity a b s t r a c t Hash-based carving is a technique for detecting the presence of specific ...
A serious problem in digital forensics is handling very large amounts of data. Since forensic invest...
The National Software Reference Library (NSRL) is an essential data source for forensic investigator...
AbstractSub-file hashing and hash-based carving are increasingly popular methods in digital forensic...
Part 2: Forensic TechniquesInternational audienceDigital forensic investigators frequently have to s...
Personal names found on drives provide forensically valuable information about users of systems. Thi...
In this thesis, we investigate the relationship between the size and type of a file and its forensic...
Handling forensic investigations gets more and more difficult as the amount of data one has to analy...
There are many limitations when using file hashes to identify known content. Because changing just a...
Digital forensic investigators frequently have to search for relevant files in massive digital corpo...
Handling forensic investigations gets more and more difficult as the amount of data one has to analy...
Abstract: We describe a tool Dirim for automatically finding files on a drive that are anomalous or ...
Part 2: FORENSIC TECHNIQUESInternational audienceThe large amounts of data that have to be processed...
The article of record as published may be found at https://doi.org/10.1016/j.diin.2015.05.001Hash-ba...
AbstractHash-based carving is a technique for detecting the presence of specific “target files” on d...
Similarity a b s t r a c t Hash-based carving is a technique for detecting the presence of specific ...
A serious problem in digital forensics is handling very large amounts of data. Since forensic invest...
The National Software Reference Library (NSRL) is an essential data source for forensic investigator...
AbstractSub-file hashing and hash-based carving are increasingly popular methods in digital forensic...
Part 2: Forensic TechniquesInternational audienceDigital forensic investigators frequently have to s...
Personal names found on drives provide forensically valuable information about users of systems. Thi...
In this thesis, we investigate the relationship between the size and type of a file and its forensic...
Handling forensic investigations gets more and more difficult as the amount of data one has to analy...
There are many limitations when using file hashes to identify known content. Because changing just a...
Digital forensic investigators frequently have to search for relevant files in massive digital corpo...
Handling forensic investigations gets more and more difficult as the amount of data one has to analy...