|
Scientific Visualization
| Issue Year: | 2015 |
| Quarter: | 4 |
| Volume: | 7 |
| Number: | 4 |
| Pages: | 109 - 120 |
|
| Article Name: |
VISUAL REPRESENTATION OF FILE CONTENT DURING FORENSIC ANALYSIS TO DETECT FILES WITH PSEUDORANDOM DATA |
| Authors: |
V.S. Matveeva (Russian Federation), A.V. Epishkina (Russian Federation) |
| Address: |
V.S. Matveeva
vesta.matveeva@gmail.com
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russian Federation
A.V. Epishkina
avepishkina@mephi.ru
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russian Federation |
| Abstract: |
Searching for pseudorandom data is an important stage during forensic analysis. Existing approaches are based on verifying statistical properties of file contents by means of test suites for estimation of pseudorandom sequences. Some approaches are not adapted for work with file system and are time/resource consuming. The others have significant type I or II errors. That is why authors have conducted a research in this field and suggest an approach to estimate statistical properties of file contents by means of their visual representation. The approach was used for development of program for searching pseudorandom data. Its testing shows that type I error is reduced to zero and type II error for popular file formats is less than 1%. |
| Language: |
English |
|
|
|
