Fast contraband detection in large capacity disk drives. (March 2015)
- Record Type:
- Journal Article
- Title:
- Fast contraband detection in large capacity disk drives. (March 2015)
- Main Title:
- Fast contraband detection in large capacity disk drives
- Authors:
- Penrose, Philip
Buchanan, William J.
Macfarlane, Richard
- Abstract:
- In recent years the capacity of digital storage devices has been increasing at a rate that has left digital forensic services struggling to cope. There is an acknowledgement that current forensic tools have failed to keep up. The workload is such that a form of 'administrative triage' takes place in many labs where perceived low priority jobs are delayed or dropped without reference to the data itself. In this paper we investigate the feasibility of first responders performing a fast initial scan of a device by sampling on the device itself. A Bloom filter is used to store the block hashes of large collections of contraband data. We show that by sampling disk clusters, we can achieve 99.9% accuracy scanning for contraband data in minutes. Even under the constraints imposed by low specification legacy equipment, it is possible to scan a device for contraband with a known and controllable margin of error in a reasonable time. We conclude that in this type of case it is feasible to boot the device into a forensically sound environment and do a pre-imaging scan to prioritise the device for further detailed investigation.
- Is Part Of:
- Digital investigation. Volume 12(2015)Supplement 1
- Journal:
- Digital investigation
- Issue:
- Volume 12(2015)Supplement 1
- Issue Display:
- Volume 12, Issue 1 (2015)
- Year:
- 2015
- Volume:
- 12
- Issue:
- 1
- Issue Sort Value:
- 2015-0012-0001-0000
- Page Start:
- S22
- Page End:
- S29
- Publication Date:
- 2015-03
- Subjects:
- Disk sampling -- Contraband detection -- Digital forensics -- Triage -- Bloom filter -- Sampling -- Sample size
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2015.01.007
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 22608.xml