Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings

Research Article

Expediting Approximate Matching with Hierarchical Bloom Filter Trees

  • @INPROCEEDINGS{10.1007/978-3-319-73697-6_11,
        author={David Lillis and Frank Breitinger and Mark Scanlon},
        title={Expediting Approximate Matching with Hierarchical Bloom Filter Trees},
        proceedings={Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings},
        proceedings_a={ICDF2C},
        year={2018},
        month={1},
        keywords={Approximate matching, Hierarchical bloom filter trees},
        doi={10.1007/978-3-319-73697-6_11}
    }
    
  • David Lillis
    Frank Breitinger
    Mark Scanlon
    Year: 2018
    Expediting Approximate Matching with Hierarchical Bloom Filter Trees
    ICDF2C
    Springer
    DOI: 10.1007/978-3-319-73697-6_11
David Lillis¹,*, Frank Breitinger²,*, Mark Scanlon¹,*
  • 1: University College Dublin
  • 2: University of New Haven
*Contact email: david.lillis@ucd.ie, fbreitinger@newhaven.edu, mark.scanlon@ucd.ie

Abstract

Perhaps the most common task encountered by digital forensic investigators consists of searching through a seized device for pertinent data. Frequently, an investigator will be in possession of a collection of “known-illegal” files (e.g. a collection of child pornographic images) and will seek to find whether copies of these are stored on the seized drive. Traditional hash matching techniques can efficiently find files that precisely match. However, these will fail in the case of merged files, embedded files, partial files, or if a file has been changed in any way.