Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 4 of 4
Full-Text Articles in Computer Engineering
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception …
On The Database Lookup Problem Of Approximate Matching, Frank Breitinger, Harald Baier, Douglas White
On The Database Lookup Problem Of Approximate Matching, Frank Breitinger, Harald Baier, Douglas White
Electrical & Computer Engineering and Computer Science Faculty Publications
Investigating seized devices within digital forensics gets more and more difficult due to the increasing amount of data. Hence, a common procedure uses automated file identification which reduces the amount of data an investigator has to look at by hand. Besides identifying exact duplicates, which is mostly solved using cryptographic hash functions, it is also helpful to detect similar data by applying approximate matching.
Let x denote the number of digests in a database, then the lookup for a single similarity digest has the complexity of O(x). In other words, the digest has to be compared against …
Automated Evaluation Of Approximate Matching Algorithms On Real Data, Frank Breitinger, Vassil Roussev
Automated Evaluation Of Approximate Matching Algorithms On Real Data, Frank Breitinger, Vassil Roussev
Electrical & Computer Engineering and Computer Science Faculty Publications
Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to screen and analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similarrepresentations.
Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages and evaluation methodology is still evolving. Broadly, prior approaches have …
An Efficient Similarity Digests Database Lookup -- A Logarithmic Divide And Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier
An Efficient Similarity Digests Database Lookup -- A Logarithmic Divide And Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier
Electrical & Computer Engineering and Computer Science Faculty Publications
Investigating seized devices within digital forensics represents a challenging task due to the increasing amount of data. Common procedures utilize automated file identification, which reduces the amount of data an investigator has to examine manually. In the past years the research field of approximate matching arises to detect similar data. However, if n denotes the number of similarity digests in a database, then the lookup for a single similarity digest is of complexity of O(n). This paper presents a concept to extend existing approximate matching algorithms, which reduces the lookup complexity from O(n) to O(log(n)). Our proposed approach is based …