Abstract
Computer forensics is emerging as an important tool in the fight against crime. Increasingly, computers are being used to facilitate new criminal activity, or used in the commission of existing crimes. The networked world has seen increases in the volume of information that may be shared amongst hosts. This has given rise to major concerns over paedophile activity, and in particular the spread of multimedia files amongst this community. This paper presents a novel scheme for the automated analysis of storage media for digital pictures or files of interest using forensic signatures. The scheme first identifies potential multimedia files of interest and then compares the data to file signatures to ascertain whether a malicious file is resident on the computer. A case study of the forsigs application presented within this paper demonstrates the applicability of the approach for identification and retrieval of malicious multimedia files.
Please use the following format when citing this chapter: Haggerty, J. and Taylor, M., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 1–12.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Haggerty, J., Taylor, M. (2007). FORSIGS: Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_1
DOI: https://doi.org/10.1007/978-0-387-72367-9_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)