Digital Forensics and Cyber Crime. Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers

Research Article

Towards a Process Model for Hash Functions in Digital Forensics

  • @INPROCEEDINGS{10.1007/978-3-319-14289-0_12,
        author={Frank Breitinger and Huajian Liu and Christian Winter and Harald Baier and Alexey Rybalchenko and Martin Steinebach},
        title={Towards a Process Model for Hash Functions in Digital Forensics},
        proceedings={Digital Forensics and Cyber Crime. Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2015},
        month={2},
        keywords={Digital forensics, Hashing, Similarity hashing, Robust hashing, Perceptual hashing, Approximate matching, Process model},
        doi={10.1007/978-3-319-14289-0_12}
    }
    
  • Frank Breitinger
    Huajian Liu
    Christian Winter
    Harald Baier
    Alexey Rybalchenko
    Martin Steinebach
    Year: 2015
    Towards a Process Model for Hash Functions in Digital Forensics
    ICDF2C
    Springer
    DOI: 10.1007/978-3-319-14289-0_12
Frank Breitinger (1,*), Huajian Liu (2,*), Christian Winter (2,*), Harald Baier (1,*), Alexey Rybalchenko (1,*), Martin Steinebach (2,*)
  • 1: da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt
  • 2: Fraunhofer Institute for Secure Information Technology
*Contact email: frank.breitinger@cased.de, huajian.liu@sit.fraunhofer.de, christian.winter@sit.fraunhofer.de, harald.baier@cased.de, alexryba@yandex.ru, martin.steinebach@sit.fraunhofer.de

Abstract

Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification is the use of hash functions. The procedure is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows one to discard non-relevant files (whitelisting) or detect suspicious files (blacklisting).