Abstract
Identifying the underlying type of a file given only a file fragment is a major challenge in digital forensics. Many methods have been applied to file type identification; however, the identification accuracy for most file types is still very low, especially for files with complex structures, because their contents are compound data built from different data types. In this paper, we propose a new approach based on deflate-encoded data detection, entropy-based clustering, and machine learning techniques to identify deflate-encoded file fragments. Experiments on the popular compound file type showed high identification accuracy for the proposed method.
Original language | English |
---|---|
Title of host publication | International Joint Conference CISIS 2015 and ICEUTE 2015 |
Subtitle of host publication | CISIS'15 and ICEUTE'15 |
Editors | Alvaro Herrero, Bruno Baruque, Javier Sedano, Hector Quintian, Emilio Corchado |
Place of Publication | Cham, Switzerland |
Publisher | Springer |
Pages | 377-387 |
Number of pages | 11 |
Volume | 369 |
ISBN (Electronic) | 9783319197135 |
ISBN (Print) | 9783319197128 |
Publication status | Published - 2015 |
Event | The 8th International Conference on Computational Intelligence in Security for Information Systems, Burgos, Spain. Duration: 15 Jun 2015 → 17 Jun 2015. http://cisis.usal.es |
Publication series
Name | Advances in Intelligent Systems and Computing |
---|---|
Publisher | Springer |
Volume | 369 |
ISSN (Print) | 2194-5357 |
ISSN (Electronic) | 2194-5356 |
Conference
Conference | The 8th International Conference on Computational Intelligence in Security for Information Systems |
---|---|
Abbreviated title | CISIS 2015 |
Country/Territory | Spain |
City | Burgos |
Period | 15/06/15 → 17/06/15 |