Article ID Journal Published Year Pages File Type
10341460 Digital Investigation 2016 8 Pages PDF
Abstract
In this paper we show how these hash values can be of use for identifying possibly vast amounts of data and thus present a feasible solution to cope with the ever-increasing case sizes in digital forensics today. While the methodology used is independent of the used file sharing protocol, we harvested information from the BitTorrent network. In total we collected and analyzed more than 3.2 billion hash values from 2.3 million torrent files, and discuss to what extent they can be used to identify otherwise unknown file fragments and data remnants. Using open-source tools like bulk_extractor and hashdb, these hash values can be directly used to enhance the effectiveness of sub-file hashing at scale.
Keywords
Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications
Authors
, , ,