{"title":"Improved file-Carving through data-parallel pattern matching for data forensics","authors":"Ciprian-Petrisor Pungila","doi":"10.1109/SACI.2012.6250001","DOIUrl":null,"url":null,"abstract":"File-carving, as part of the data recovery process, is a topic of great interest due to its potential to minimize cost- impact in business environments, where the losses are significant every year, according to public reports. Starting with a modified version of the signature database of TrID, a long-established file-identification utility, and implementing a multiple-pattern matching algorithm that extends the Aho-Corasick automaton, we propose an approach suitable for multi-core systems for performing carving using complex patterns, that describe filetypes more accurately, making it also suitable for digital forensics. The experimental results have shown that our approach performs better and identifies data with greater accuracy, with lower than 3% performance degradation in the processing bandwidth of the original approach.","PeriodicalId":293436,"journal":{"name":"2012 7th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI)","volume":"408 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 7th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SACI.2012.6250001","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 8
Abstract
File-carving, as part of the data recovery process, is a topic of great interest due to its potential to minimize cost-impact in business environments, where the losses are significant every year, according to public reports. Starting with a modified version of the signature database of TrID, a long-established file-identification utility, and implementing a multiple-pattern matching algorithm that extends the Aho-Corasick automaton, we propose an approach suitable for multi-core systems for performing carving using complex patterns that describe filetypes more accurately, making it also suitable for digital forensics. The experimental results have shown that our approach performs better and identifies data with greater accuracy, with lower than 3% performance degradation in the processing bandwidth of the original approach.