File fragment encoding classification—An empirical approach |
| |
| Institution: | Department of Computer Science, University of New Orleans, New Orleans, LA 70148, USA |
| |
| Abstract: | Over the past decade, a substantial effort has been put into developing methods to classify file fragments. Throughout, it has been an article of faith that data fragments, such as disk blocks, can be attributed to different file types. This work is an attempt to critically examine the underlying assumptions and compare them to empirically collected data. Specifically, we focus most of our effort on surveying several common compressed data formats, and show that the simplistic conceptual framework of prior work is at odds with the realities of actual data. We introduce a new tool, zsniff, which allows us to analyze deflate-encoded data, and we use it to perform an empirical survey of deflate-coded text, images, and executables. The results offer a conceptually new type of classification capabilities that cannot be achieved by other means. |
| |
| Keywords: | File type classification Data encoding identification Digital forensics Sub-file forensics |
| 本文献已被 ScienceDirect 等数据库收录! |
|
