Understanding the effects of removing common blocks on Approximate Matching scores under different scenarios for digital forensic investigations
- Finding similarity in digital forensics investigations can be assisted with the use of Approximate Matching (AM) functions. These algorithms create small and compact representations of objects (similar to hashes) which can be compared to identify similarity. However, often results are biased due to common blocks (data structures found in many different files regardless of content). In this paper, we evaluate the precision and recall metrics for AM functions when removing common blocks. In detail, we analyze how the similarity score changes and impacts different investigation scenarios. Results show that many irrelevant matches can be filtered out and that a new interpretation of the score allows a better similarity detection.
| Author: | Vitor Hugo Galhador Moia, Frank BreitingerORCiDGND, Marco Aurélio Amaral Henriques |
|---|---|
| Frontdoor URL | https://opus.bibliothek.uni-augsburg.de/opus4/117815 |
| Parent Title (Portuguese): | 2019: Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2019), 2-5 setembro 2019, São Paulo, SP |
| Publisher: | Sociedade Brasileira de Computação – SBC |
| Place of publication: | Porto Alegre |
| Type: | Conference Proceeding |
| Language: | English |
| Year of first Publication: | 2019 |
| Release Date: | 2025/01/07 |
| First Page: | 113 |
| Last Page: | 126 |
| DOI: | https://doi.org/10.5753/sbseg.2019.13966 |
| Institutes: | Fakultät für Angewandte Informatik |
| Fakultät für Angewandte Informatik / Institut für Informatik | |
| Fakultät für Angewandte Informatik / Institut für Informatik / Lehrstuhl für Cybersicherheit |
