File fragment encoding classification—An empirical approach.
Saved in:
| Title: | File fragment encoding classification—An empirical approach. |
|---|---|
| Authors: | Roussev, Vassil1 vassil@cs.uno.edu, Quates, Candice1 candice@egobsd.org |
| Source: | Digital Investigation. Aug2013, Vol. 10, pS69-S77. 0p. |
| Subject Terms: | Coding theory, Empirical research, Acquisition of data, Conceptual design, Data compression, Computer science |
| Abstract: | Abstract: Over the past decade, a substantial effort has been put into developing methods to classify file fragments. Throughout, it has been an article of faith that data fragments, such as disk blocks, can be attributed to different file types. This work is an attempt to critically examine the underlying assumptions and compare them to empirically collected data. Specifically, we focus most of our effort on surveying several common compressed data formats, and show that the simplistic conceptual framework of prior work is at odds with the realities of actual data. We introduce a new tool, zsniff, which allows us to analyze deflate-encoded data, and we use it to perform an empirical survey of deflate-coded text, images, and executables. The results offer a conceptually new type of classification capabilities that cannot be achieved by other means. [Copyright &y& Elsevier] |
| Database: | Supplemental Index |
Full Text Finder 
Nájsť tento článok vo Web of Science Be the first to leave a comment!