Application of Bloom Filters in Digital Forensics – Identifying Hard to Detect Data from Partial Evidentiary Hashes

PDF

Authors
  1. Carbone, R.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
Abstract
You may have heard of Bloom filters, but did you know that modified versions of them could be used for disk forensics? Although straightforward to use, understanding them will require briefly looking at the mathematics behind them. In this article, we will look at the theory behind Bloom filters and how we might use them for disk based digital forensics. We will be following up this article with a second part that will demonstrate several real-world example applications of modified Bloom filter-based forensics.
Keywords
forensics;bloom filters;hash;file hash;stream oriented hashing;block based hashing
Report Number
DRDC-RDDC-2015-P050 — External Literature
Date of publication
14 Aug 2015
Number of Pages
5
DSTKIM No
CA040844
CANDIS No
801908
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: