Abstract: We describe a tool, Dirim, for automatically finding files on a drive that are anomalous or suspicious, and thus worthy of focus during digital-forensic investigation, based solely on their directory information. Anomalies are found both from comparing overall drive statistics and from comparing clusters of related files using a novel approach of "superclustering" of clusters. Suspicious file detection looks for a set of specific clues. We discuss results of experiments we conducted on a representative corpus of 1467 drive images, where we did find interesting anomalies but not much deception (as expected given the corpus). Cluster comparison performed best at providing useful information for an investigator, but the other...
Log files play an important part in the day to day running of many systems and services, allowing ad...
We identify a new method for detecting malware within a network that can be processed in linear time...
Computer forensics faces a range of challenges due to the widespread use of computing technologies. ...
Abstract. For digital forensics, eliminating the uninteresting is often more critical than finding t...
The article of record as published may be found at https://doi.org/10.1007/978-3-030-05487-8_9 Associ...
Hierarchical storage system namespaces are notorious for their immense size, which is a significant ...
Proceedings of the Intelligence Analysis Conference, McLean, Virginia, USA, May 2005. We develop metho...
Abstract: Hash-based carving is a technique for detecting the presence of specific ...
Today, there has been a massive proliferation of huge databases storing valuable information. The op...
Insider attacks aiming at stealing data are highly common, according to recent studies, and they are...
The article of record as published may be found at https://doi.org/10.1016/j.diin.2015.05.001 Hash-ba...
Searching for digital evidence is a time consuming and error-prone process. In this paper, we introd...
Malcode can be easily hidden in document files and go undetected by standard technology. We demonstr...
We describe an anomaly detector, called FWRAP, for a Host-based Intrusion Detection System that moni...
Abstract: Hash-based carving is a technique for detecting the presence of specific “target files” on d...