File type identification tools for digital investigations
| Title: | File type identification tools for digital investigations |
|---|---|
| Authors: | Dubettier, Adrien, Gernot, Tanguy, Giguet, Emmanuel, Rosenberger, Christophe |
| Contributors: | Equipe SAFE - Laboratoire GREYC - UMR6072, Groupe de Recherche en Informatique, Image et Instrumentation de Caen (GREYC), Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Normandie Université (NU)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS) |
| Source: | ISSN: 2666-2817 ; EISSN: 2666-2825 ; Forensic Science International: Digital Investigation. |
| Publisher Information: | HAL CCSD Elsevier |
| Publication Year: | 2023 |
| Collection: | Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) |
| Subject Terms: | Digital forensics, Digital evidence assessment, Comparative evaluation of forensics tools, Benchmarking, File type identification, File systems, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
| Description: | International audience ; Digital forensics is the process of identifying, preserving, analyzing, and documenting digital evidence for investigation purposes. Building or using file analysis tools is of great interest for a forensic expert to collect high-level information in a short time. In this paper, we consider the examination of files contained in digital media, especially files with possible incorrect types. This often reveals a simple way to hide sensitive content such as porn images, passwords, or accounts. Many commercial and free forensic tools are available for file type identification (FTI). In this work, we assess the performance of ten of them on two significant datasets and scenarios. The main issue we address is the relevance of the tools for forensic purposes. The underlying question is: do expectations meet reality? Our experiments highlight the significant disparity in the accuracy and behavior of the studied tools. |
| Document Type: | article in journal/newspaper |
| Language: | English |
| Relation: | hal-04128864; https://hal.science/hal-04128864; https://hal.science/hal-04128864/document; https://hal.science/hal-04128864/file/filetype_greyc_hal.pdf |
| DOI: | 10.1016/j.fsidi.2023.301574 |
| Availability: | https://hal.science/hal-04128864 https://hal.science/hal-04128864/document https://hal.science/hal-04128864/file/filetype_greyc_hal.pdf https://doi.org/10.1016/j.fsidi.2023.301574 |
| Rights: | info:eu-repo/semantics/OpenAccess |
| Accession Number: | edsbas.D5B47DC6 |
| Database: | BASE |