Context-Based File Block Classification - Advances in Digital Forensics VIII Access content directly
Conference Papers Year : 2012

Context-Based File Block Classification

Abstract

Because files are typically stored as sequences of data blocks, the file carving process in digital forensics involves the identification and collocation of the original blocks of files. Current file carving techniques that use the signatures of file headers and footers could be improved by first classifying each data block in the storage media as belonging to a given file type. Unfortunately, file block classification techniques tend to have low accuracy. One reason is that they do not account for compound files that contain subcomponents encoded as different data types. This paper presents a context-based classification approach that accounts for compound files and improves on block-by-block classification schemes by exploiting the contiguity of file blocks belonging to the same file on the storage media.
Fichier principal
Vignette du fichier
978-3-642-33962-2_5_Chapter.pdf (1.37 Mo) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-01523720 , version 1 (16-05-2017)

Licence

Attribution

Identifiers

Cite

Luigi Sportiello, Stefano Zanero. Context-Based File Block Classification. 8th International Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. pp.67-82, ⟨10.1007/978-3-642-33962-2_5⟩. ⟨hal-01523720⟩
86 View
136 Download

Altmetric

Share

Gmail Facebook X LinkedIn More