dc.contributor.author | Pierris, Georgios | |
dc.contributor.author | Vidalis, Stilianos | |
dc.date.accessioned | 2017-08-10T16:36:20Z | |
dc.date.available | 2017-08-10T16:36:20Z | |
dc.date.issued | 2012 | |
dc.identifier.citation | Pierris, G & Vidalis, S 2012, Forensically classifying files using HSOM algorithms. in Proceedings - 3rd International Conference on Emerging Intelligent Data and Web Technologies, EIDWT 2012., 6354746, pp. 225-230, 3rd International Conference on Emerging Intelligent Data and Web Technologies, EIDWT 2012, Bucharest, 19/09/12. https://doi.org/10.1109/EIDWT.2012.46 | |
dc.identifier.citation | conference | |
dc.identifier.isbn | 9780769547343 | |
dc.identifier.uri | http://hdl.handle.net/2299/19208 | |
dc.description | Georgios Pierris and Stilianos Vidalis, 'Forensically Classifying Files Using HSOM Algorithms', in Proceedings of the Third International Conference on Emerging Intelligent Data and Web Technologies (EIDWT), 19-21 September 2012, Bucharest, Romania. Published 20 November 2012 by IEEE. Available online at DOI: 10.1109/EIDWT.2012.46 | |
dc.description.abstract | It has been accepted by Cloud Computing vendors that retrieving data from a cloud environment once they have been deleted is next to impossible. This constitutes a major hurdle for the digital forensics examiner as it greatly limits the pool of potential evidence that could be collected during an investigation. In this concept paper we will discuss a different approach to the above problem that spans across two different worlds: the world of digital forensics and the world of artificial intelligence. Block-based hash analysis works by calculating a hash value for each block of the target file that would be allocated a sector or cluster to store its data. The block hashes are then stored in a map file. The examiner then searches secondary memory areas to see if they contain blocks matching those contained in the map files. The examiner then has the ability to rebuild any file whose blocks have been located. The processes of hash-map calculation and analysis in the case of graphic images are accomplished using a single, dual-purpose EnScript in EnCase. Where a suspect file has been partially but not completely located, the script will produce a PNG graphic showing exactly which blocks of the graphic have been located. This technique is extremely time- and processor-intensive, and does not work for unknown broken files. We hypothesize that we can use Hierarchical Self-Organizing Map algorithms in order to classify broken chains of previously unknown files, and in the future reconstruct them in order to be examined by the digital forensic examiner using the block-based hash analysis technique. | en |
dc.format.extent | 6 | |
dc.language.iso | eng | |
dc.relation.ispartof | Proceedings - 3rd International Conference on Emerging Intelligent Data and Web Technologies, EIDWT 2012 | |
dc.subject | block-based hash map analysis | |
dc.subject | digital forensic investigations | |
dc.subject | reconstructing broken files | |
dc.subject | Artificial Intelligence | |
dc.subject | Computer Networks and Communications | |
dc.subject | Information Systems | |
dc.title | Forensically classifying files using HSOM algorithms | en |
dc.contributor.institution | Centre for AI and Robotics Research | |
dc.contributor.institution | Department of Computer Science | |
dc.contributor.institution | School of Physics, Engineering & Computer Science | |
dc.contributor.institution | Cybersecurity and Computing Systems | |
dc.contributor.institution | Networks and Security Research Centre | |
dc.identifier.url | http://www.scopus.com/inward/record.url?scp=84870734958&partnerID=8YFLogxK | |
rioxxterms.versionofrecord | 10.1109/EIDWT.2012.46 | |
rioxxterms.type | Other | |
herts.preservation.rarelyaccessed | true | |