Digital Forensics and Cyber Crime. Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers

Research Article

Towards a Process Model for Hash Functions in Digital Forensics

Download
592 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-14289-0_12,
    author={Frank Breitinger and Huajian Liu and Christian Winter and Harald Baier and Alexey Rybalchenko and Martin Steinebach},
    title={Towards a Process Model for Hash Functions in Digital Forensics},
    proceedings={Digital Forensics and Cyber Crime. Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers},
    proceedings_a={ICDF2C},
    year={2015},
    month={2},
    keywords={Digital forensics Hashing Similarity hashing Robust hashing Perceptual hashing Approximate matching Process model},
    doi={10.1007/978-3-319-14289-0_12}
}
  • Frank Breitinger
    Huajian Liu
    Christian Winter
    Harald Baier
    Alexey Rybalchenko
    Martin Steinebach
    Year: 2015
    Towards a Process Model for Hash Functions in Digital Forensics
    ICDF2C
    Springer
    DOI: 10.1007/978-3-319-14289-0_12
Frank Breitinger1,*, Huajian Liu2,*, Christian Winter2,*, Harald Baier1,*, Alexey Rybalchenko1,*, Martin Steinebach2,*
  • 1: da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt
  • 2: Fraunhofer Institute for Secure Information Technology
*Contact email: frank.breitinger@cased.de, huajian.liu@sit.fraunhofer.de, christian.winter@sit.fraunhofer.de, harald.baier@cased.de, alexryba@yandex.ru, martin.steinebach@sit.fraunhofer.de

Abstract

Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification are hash functions. The proceeding is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows to discard non-relevant (whitelisting) or detect suspicious files (blacklisting).

Keywords
Digital forensics Hashing Similarity hashing Robust hashing Perceptual hashing Approximate matching Process model
Published
2015-02-06
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-14289-0_12
Copyright © 2013–2024 ICST