PrePrint: Distinct sector hashes for target file detection.: Forensics examiners frequently search for known content by comparing each file's cryptographic hash with a hash database. We present a new approach combining sector hashing with sampling, in which subject drives are individually sampled and hashed on sector boundaries and then checked against a prebuilt database. We demonstrate that sector hashes are probative by analyzing millions of document files and malware samples. We discuss issues that arise when building the hash database, and present a custom key-value storage solution. Finally, we discuss the use of sector hashing with various file systems and present previous relevant work.
DIGITAL JUICE
No comments:
Post a Comment
Thank's!