Proposal / Submission Type
Peer Reviewed Paper
Location
Daytona Beach, Florida
Start Date
19-5-2015 3:30 PM
Abstract
Employing a fast string matching algorithm is essential for minimizing the overhead of extracting structured files from a raw disk image. In this paper, we summarize the concept, implementation, and main features of ten software-based string matching algorithms, and evaluate their applicability for forensic analysis. We compare the selected software-based string matching algorithms from the perspective of forensic analysis by evaluating their performance for file carving. According to the experimental results, the Shift-Or algorithm (R. Baeza-Yates & Gonnet, 1992) and the Karp-Rabin algorithm (Karp & Rabin, 1987) have the minimum search time for identifying the locations of specified headers and footers in the target disk.
Keywords: string matching algorithm, forensic analysis, file carving, Scalpel, data recovery
Scholarly Commons Citation
Liao, Yi-Ching, "A Survey of Software-based String Matching Algorithms for Forensic Analysis" (2015). Annual ADFSL Conference on Digital Forensics, Security and Law. 2.
https://commons.erau.edu/adfsl/2015/tuesday/2
Included in
Aviation Safety and Security Commons, Computer Law Commons, Defense and Security Studies Commons, Forensic Science and Technology Commons, Information Security Commons, National Security Law Commons, OS and Networks Commons, Other Computer Sciences Commons, Social Control, Law, Crime, and Deviance Commons
A Survey of Software-based String Matching Algorithms for Forensic Analysis
Comments
Session Chair: LeGrand Gardner, USF-Florida Center for Cybersecurity