High Speed Bitwise Search for Digital Forensic System
Authors
Abstract
The most common forensic activity is searching a hard disk for a string of data. Nowadays, investigators and analysts increasingly encounter large, even terabyte-sized, data sets when conducting digital investigations. Consecutive searching can therefore take weeks to complete successfully. There are two primary search methods: index-based search and bitwise search. Index-based searching is very fast after the initial indexing, but the initial indexing takes a long time. In this paper, we discuss a high speed bitwise search model for large-scale digital forensic investigations. We used a pattern matching board, which is generally used for network security, to search for strings and complex regular expressions. Our results indicate that in many cases, the use of a pattern matching board can substantially increase the performance of digital forensic search tools.
Keywords: Digital forensics, search, regular expression.
Similar resources
md5bloom: Forensic filesystem hashing revisited
Hashing is a fundamental tool in digital forensic analysis used both to ensure data integrity and to efficiently identify known data objects. However, despite many years of practice, its basic use has advanced little. Our objective is to leverage advanced hashing techniques in order to improve the efficiency and scalability of digital forensic analysis. Specifically, we explore the use of Bloom...
Signature analysis and Computer Forensics
Computer Forensics is a process of using scientific knowledge to collect, analyze and present digital evidence to court or tribunals. Since files are the standard persistent form of data on computers, the collection, analysis and presentation of computer files as digital evidence is of the utmost importance in Computer Forensics. However, data can be hidden behind files and can be enough to trick th...
Design of High Speed Digital CMOS Comparator Using Parallel Prefix Tree
This paper presents a new comparator design using a parallel prefix tree. Energy efficient and high speed operation of comparators is needed for high speed digital circuits. The comparison outcome of the most significant bit, proceeding bitwise toward the least significant bit only when the compared bits are equal. In existing system, the parallel prefix structure is designed for 1...
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
Distributed Digital Forensics on Pre-existing Internal Networks
Nielsen, Jeremiah J. M.S., Purdue University, December 2013. Distributed Digital Forensics on Pre-existing Internal Networks. Major Professor: Marc Rogers. Today's large datasets are a major hindrance on digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, its relevant investigation must sit idle inducing investigative time lag...