Identifying forensically uninteresting files in a large corpus

Identifying forensically uninteresting files in a large corpus

For digital forensics, eliminating the uninteresting is often more critical than finding the interesting. We discuss methods exploiting the metadata of a large corpus. Tests were done with an international corpus of 262.7 million files obtained from 4018 drives. For malware investigations, we show t...

Full description

Bibliographic Details
Main Author: N. C. Rowe
Format: Article
Language:English
Published: European Alliance for Innovation (EAI) 2016-12-01
Series:EAI Endorsed Transactions on Security and Safety
Subjects:
digital forensics
metadata
files
corpus
data reduction
hashes
triage
whitelists
classification
malware
camouflage
Online Access:http://eudl.eu/doi/10.4108/eai.8-12-2016.151725

Internet

http://eudl.eu/doi/10.4108/eai.8-12-2016.151725

Similar Items