Title :
Forensic Analysis of Document Fragment Based on SVM
Author :
Li, Binglong ; Wang, Qingxian ; Luo, Junyong
Author_Institution :
Information Engineering University, China
Abstract :
The ability to automatically classify document fragments based on their contents is important in digital forensics. This paper proposes an Enhanced String Kernel (ESK) to classify file header fragments with a Support Vector Machine (SVM). ESK extracts a byte-sequence feature map from a document fragment. The map consists of byte-level patterns of document fragments and captures their characteristics. An extended suffix array (ESA) data structure is presented to efficiently store and manipulate the feature map, and the ESK is computed from the feature map. This method can efficiently categorize a variety of system and application file header fragment types. Experiments show good classification performance on file header fragments.
Keywords :
Data mining; Data structures; Digital forensics; Information analysis; Kernel; Operating systems; Sequences; Support vector machine classification; Support vector machines; Text analysis;
Conference_Title :
Intelligent Information Hiding and Multimedia Signal Processing, 2006. IIH-MSP '06. International Conference on
Conference_Location :
Pasadena, CA, USA
Print_ISBN :
0-7695-2745-0
DOI :
10.1109/IIH-MSP.2006.264988