1st International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia

Research Article

FORWEB: File Fingerprinting for Automated Network Forensics Investigations

  • @INPROCEEDINGS{10.4108/e-forensics.2008.2774,
        author={John Haggerty and David Llewellyn-Jones and Mark Taylor},
        title={FORWEB: File Fingerprinting for Automated Network Forensics Investigations},
        proceedings={1st International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia},
        publisher={ACM},
        proceedings_a={E-FORENSICS},
        year={2010},
        month={5},
        keywords={Computer forensics file fingerprinting network investigations},
        doi={10.4108/e-forensics.2008.2774}
    }
    
John Haggerty¹,*, David Llewellyn-Jones²,*, Mark Taylor³,*
  • 1: School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK +44 151 231 2279
  • 2: School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK +44 151 231 2082
  • 3: School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK +44 151 231 2215
*Contact email: J.Haggerty@ljmu.ac.uk, D.Llewellyn-Jones@ljmu.ac.uk, M.J.Taylor@ljmu.ac.uk

Abstract

A major advantage of information technology is the ease, speed and volume of information that may be shared between hosts. However, this has given rise to concerns over paedophile activity and the spread of malicious digital pictures amongst this community. In network forensic investigations a wealth of information relevant to the investigation will reside within the network itself and on disparate hosts. Current computer forensics tools are designed for the analysis of seized hard drives rather than investigating data within a network. In this paper we present FORWEB, a novel scheme for automated file fingerprinting of malicious pictures resident on Web servers. This approach may be used in forensic investigations to automatically identify repositories of malicious digital pictures on the Internet or to verify the Internet usage of a suspect. A case study and its results demonstrate the applicability of this approach.