Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
File Fragment Analysis Using Normalized Compression Distance
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2013 (English)Conference paper, Published paper (Refereed)
Abstract [en]

The first step when recovering deleted files using file carving is to identify the file type of a block, also called file fragment analysis. Several researchers have demonstrated the applicability of Kolmogorov complexity methods such as the normalized compression distance (NCD) to this problem. NCD methods compare the results of compressing a pair of data blocks with the compressed concatenation of the pair. One parameter that is required is the compression algorithm to be used. Prior research has identified the NCD compressor properties that yield good performance. However, no studies have focused on its applicability to file fragment analysis. This paper describes the results of experiments on a large corpus of files and file types with different block lengths. The experimental results demonstrate that, in the case of file fragment analysis, compressors with the desired properties do not perform statistically better than compressors with less computational complexity.

Place, publisher, year, edition, pages
Orlando: Springer , 2013.
Keyword [en]
Compression algorithms, Deleted files, File carving, File fragments, Kolmogorov complexity, Large corpora, Normalized compression distance
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-6667DOI: 10.1007/978-3-642-41148-9_12ISI: 000329976600012Local ID: oai:bth.se:forskinfo798E57976774FEB9C1257C2E00342805ISBN: 9783642411472 (print)OAI: oai:DiVA.org:bth-6667DiVA: diva2:834191
Conference
International Conference on Digital Forensics
Available from: 2014-07-17 Created: 2013-11-25 Last updated: 2017-03-17Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Axelsson, StefanSrikanth, Mandhapati Venkata
By organisation
School of Computing
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 62 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf