상세정보
학술대회
Improving Performance in Digital Forensics : A Case using Pattern Matching Board
- 발행일
- 200903
- 출처
- International Conference on Availability, Reliability and Security (ARES) 2009, pp.1001-1005
- 협약과제
- 09MS3600, 정보투명성 보장형 디지털 포렌식 시스템 개발, 홍도원
- 초록
- Due to recent advanced technology in the field of HDD, forensic investigators and analysts are dealing with terabyte data sets and spending tremendous time and effort in forensic investigations. It makes "Speed" one of the hot issues in digital forensics. To get speed up or to improve efficiency, some approaches have been proposed. One of them getting attention is a hardware-based approach. However, such a way is limitedly used in the field of evidence cloning or password cracking while rarely applied in search and analysis for the digital evidence. A general approach to the forensic search is to find specific text strings by comparing every byte of the digital evidence at the physical level. Besides, alternative approaches have been proposed for speedup of search and analysis process. They are usually based on the technologies such like indexing algorithms, distributed processing, and data mining. However, these methods have some drawbacks. Some require a lot of initial time for preprocessing, others are impractical. In order to solve this problem, we have already proposed an efficient and practical approach for forensic analysis in [1]. In this paper, we present the system architecture and show feasibility and scalability of our approach by comparing its performance to those of a popular forensic tool currently on the market. © 2009 IEEE.
- KSP 제안 키워드
- Analysis Process, Data mining(DM), Data sets, Digital forensics, Forensic Analysis, Forensic Investigation, Hardware-Based Approach, Password cracking, Practical approach, Speed-up, System architecture