A New Approach to Compressed File Fragment Identification

Khoa NGUYEN, Dat TRAN, Wanli MA, Dharmendra SHARMA

Research output: A Conference proceeding or a Chapter in Book; Conference contribution; peer-review

2 Citations (Scopus)

Abstract

Identifying the underlying type of a file given only a file fragment is a big challenge in digital forensics. Many methods have been applied to file type identification; however, the identification accuracies for most file types are still very low, especially for files with complex structures, because their contents are compound data built from different data types. In this paper, we propose a new approach based on deflate-encoded data detection, entropy-based clustering, and the use of machine learning techniques to identify deflate-encoded file fragments. Experiments on the popular compound file type showed high identification accuracy for the proposed method.
Original language: English
Title of host publication: International Joint Conference CISIS 2015 and ICEUTE 2015
Subtitle of host publication: CISIS'15 and ICEUTE'15
Editors: Alvaro Herrero, Bruno Baruque, Javier Sedano, Hector Quintian, Emilio Corchado
Place of Publication: Cham, Switzerland
Publisher: Springer
Pages: 377-387
Number of pages: 11
Volume: 369
ISBN (Electronic): 9783319197135
ISBN (Print): 9783319197128
Publication status: Published - 2015
Event: The 8th International Conference on Computational Intelligence in Security for Information Systems - http://cisis.usal.es, Burgos, Spain
Duration: 15 Jun 2015 to 17 Jun 2015

Publication series

Name: Advances in Intelligent Systems and Computing
Publisher: Springer
Volume: 369
ISSN (Print): 2194-5357
ISSN (Electronic): 2194-5356

Conference

Conference: The 8th International Conference on Computational Intelligence in Security for Information Systems
Abbreviated title: CISIS 2015
Country/Territory: Spain
City: Burgos
Period: 15/06/15 to 17/06/15