Event / Presentation Title

Fast Filtering of Known PNG Files Using Early File Features

Proposal / Submission Type

Peer Reviewed Paper

Abstract

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media, and increased time pressure on forensics examiners, necessitates that more efficient processing mechanisms be developed. This work describes a technique for creating signatures for images of the PNG format which only requires a tiny fraction of the file to effectively distinguish between a large number of images. Highly distinct, and compact, such analysis lays the foundation for future work in fast forensics filtering using subsets of evidential data.

This document is currently not available here.

Share

COinS
 

Fast Filtering of Known PNG Files Using Early File Features

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media, and increased time pressure on forensics examiners, necessitates that more efficient processing mechanisms be developed. This work describes a technique for creating signatures for images of the PNG format which only requires a tiny fraction of the file to effectively distinguish between a large number of images. Highly distinct, and compact, such analysis lays the foundation for future work in fast forensics filtering using subsets of evidential data.