Research Article
High Speed Search for Large-Scale Digital Forensic Investigation
@INPROCEEDINGS{10.4108/e-forensics.2008.2785, author={Hyungkeun Jee and Jooyoung Lee and Dowon Hong}, title={High Speed Search for Large-Scale Digital Forensic Investigation}, proceedings={1st International ICST Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia}, publisher={ACM}, proceedings_a={E-FORENSICS}, year={2010}, month={5}, keywords={Digital forensics search hidden data regular expression}, doi={10.4108/e-forensics.2008.2785} }- Hyungkeun Jee
Jooyoung Lee
Dowon Hong
Year: 2010
High Speed Search for Large-Scale Digital Forensic Investigation
E-FORENSICS
ACM
DOI: 10.4108/e-forensics.2008.2785
Abstract
The most common forensic activity is searching a hard disk for string of data. Nowadays, investigators and analysts are increasingly experiencing large, even terabyte sized data sets when conducting digital investigations. Therefore consecutive searching can take weeks to complete successfully. There are two primary search methods: index-based search and bitwise search. Index-based searching is very fast after the initial indexing but initial indexing takes a long time. In this paper, we discuss a high speed bitwise search model for large-scale digital forensic investigations. We used pattern matching board, which is generally used for network security, to search for string and complex regular expressions. Our results indicate that in many cases, the use of pattern matching board can substantially increase the performance of digital forensic search tools.