Title :
Security Aspects of Piecewise Hashing in Computer Forensics
Author :
Baier, Harald ; Breitinger, Frank
Author_Institution :
Center for Adv. Security Res. Darmstadt, Hochschule Darmstadt, Darmstadt, Germany
Abstract :
Although hash functions are a well-known method in computer science to map arbitrary large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database, typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files, which he finds on a storage medium, and performs look ups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum´s approach. Furthermore, we present a pseudo random number generator being both more efficient and more random compared to Kornblum´s pseudo random number generator.
Keywords :
computer forensics; cryptography; random number generation; MD5 hash function; SHA-1 hash function; computer forensics; cryptographic hash function; piecewise hashing security aspect; pseudorandom number generator; security analysis; Computers; Context; Cryptography; Databases; Forensics; Software; Fuzzy hashing; anti-forensics; blacklisting; computer forensics; context-triggered piecewise hash functions; security analysis; whitelisting;
Conference_Titel :
IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on
Conference_Location :
Stuttgart
Print_ISBN :
978-1-4577-0146-7
DOI :
10.1109/IMF.2011.16
