Staffordshire University logo
STORE - Staffordshire Online Repository

Forensically Classifying Files Using HSOM Algorithms

Pierris, Georgios and VIDALIS, Stilianos (2012) Forensically Classifying Files Using HSOM Algorithms. In: The 3-rd International Conference on Emerging Intelligent Data and Web Technologies, 19 - 21 September 2012, University Politehnica of Bucharest, Bucharest, Romania.

Full text not available from this repository. (Request a copy)

Abstract or description

It’s been accepted by Cloud Computing vendors that retrieving data from a cloud environment once they have been deleted is next to impossible. This constitutes a major hurdle for the digital forensics examiner as it greatly limits the pool of potential evidence that could be collected during an investigation. In this paper we will discuss a solution to the above problem that spans across two different worlds: the world of digital forensics and the world of artificial intelligence.

Block-based hash analysis works by calculating a hash value for each block of the target file that would be allocated a sector or cluster to store its data. The block hashes are then stored in a “map” file. The examiner then searches secondary memory areas to see if they contain blocks matching those contained in the “map” files. The examiner then has the ability to rebuild any file whose blocks have been located. The processes of hash-map calculation and analysis in the case of graphic images is accomplished using a single, dual-purpose EnScript in EnCase. Where a suspect file has been partially but not completely located the script will produce a PNG graphic showing exactly which blocks of the graphic have been located.

This technique is extremely time and processor intensive, and does not work for unknown broken files. We hypothesize that we can use HSOM algorithms in order to reconstruct broken chains of previously unknown files, in order to be examined by the digital forensic examiner using the block-based hash analysis technique.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Innovative idea attempting to further the file block hash map analysis technique of identifying the presence of files in un-allocated space
Subjects: G400 Computer Science
G700 Artificial Intelligence
Faculty: Faculty of Computing, Engineering and Sciences > Computing
Depositing User: Stilianos VIDALIS
Date Deposited: 23 Aug 2013 15:26
Last Modified: 23 Aug 2013 15:26
URI: http://eprints.staffs.ac.uk/id/eprint/1310

Actions (login required)

View Item View Item

DisabledGo Staffordshire University is a recognised   Investor in People. Sustain Staffs
Legal | Freedom of Information | Site Map | Job Vacancies
Staffordshire University, College Road, Stoke-on-Trent, Staffordshire ST4 2DE t: +44 (0)1782 294000