Searching for Random Data in File System During Forensic Expertise
Vesta Matveeva* and Anna Epishkina
Cybernetics and Information Security Department, National Research Nuclear University “MEPhI” (Moscow Engineering Physics Institute), 31, Kashirskoe Highway, Moscow, Russian Federation.
ABSTRACT: During forensic expertise the searching for random data is an important step. Existing approaches are based on verification of statistical properties of file data by means of test suites that estimate properties of random sequences. Some tests are not adapted to file system and are resource and time consuming, others have significant type I and II error. That is why authors have conducted a research in this field and suggest a new approach to assess statistical properties of data contents by visualisation of it. This approach was used to develop a program which testing shows that type I error in searching for random data is reduced to zero and type II errors for widely spread file formats is less than 1%.
KEYWORDS: Digital forensics; Conceal data; Random data; Statistical tests; Encrypted data; Assessment of uniformity; Localization of heterogeneity; Wavelet transform; Compressed file formats
Download this article as:Copy the following to cite this article: Matveeva V, Epishkina A.Searching for Random Data in File System During Forensic Expertise. Biosci Biotech Res Asia 2015;12(1) |
Copy the following to cite this URL: Matveeva V, Epishkina A.Searching for Random Data in File System During Forensic Expertise. Biosci Biotech Res Asia 2015;12(1).Available from: https://www.biotech-asia.org/?p=6134> |