File type identification tools for digital investigations
| Title: | File type identification tools for digital investigations |
|---|---|
| Authors: | Dubettier, Adrien; Gernot, Tanguy; Giguet, Emmanuel; Rosenberger, Christophe |
| Contributors: | Equipe SAFE - Laboratoire GREYC - UMR6072; Groupe de Recherche en Informatique, Image et Instrumentation de Caen (GREYC); Université de Caen Normandie (UNICAEN); Normandie Université (NU)-Normandie Université (NU)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN); Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-Université de Caen Normandie (UNICAEN); Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS) |
| Source: | ISSN: 2666-2817 ; EISSN: 2666-2825 ; Forensic Science International: Digital Investigation. |
| Publisher Information: | HAL CCSD; Elsevier |
| Publication Year: | 2023 |
| Collection: | Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) |
| Subject Terms: | Digital forensics, Digital evidence assessment, Comparative evaluation of forensics tools, Benchmarking, File type identification, File systems, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
| Description: | International audience ; Digital forensics is the process of identifying, preserving, analyzing, and documenting digital evidence for investigation purposes. Building or using file analysis tools is of great interest for a forensic expert to collect high-level information in a short time. In this paper, we consider the examination of files contained in digital media, especially files with possible incorrect types. This often reveals a simple way to hide sensitive content such as porn images, passwords, or accounts. Many commercial and free forensic tools are available for file type identification (FTI). In this work, we assess the performance of ten of them on two significant datasets and scenarios. The main issue we address is the relevance of the tools for forensic purposes. The underlying question is: do expectations meet reality? Our experiments highlight the significant disparity in the accuracy and behavior of the studied tools. |
| Document Type: | article in journal/newspaper |
| Language: | English |
| Relation: | hal-04128864; https://hal.science/hal-04128864; https://hal.science/hal-04128864/document; https://hal.science/hal-04128864/file/filetype_greyc_hal.pdf |
| DOI: | 10.1016/j.fsidi.2023.301574 |
| Availability: | https://hal.science/hal-04128864; https://hal.science/hal-04128864/document; https://hal.science/hal-04128864/file/filetype_greyc_hal.pdf; https://doi.org/10.1016/j.fsidi.2023.301574 |
| Rights: | info:eu-repo/semantics/OpenAccess |
| Accession Number: | edsbas.D5B47DC6 |
| Database: | BASE |