Skip to main content

Research Repository

Advanced Search

Fast Filtering of Known PNG Files Using Early File Features

McKeown, Sean; Russell, Gordon; Leimich, Petra

Authors



Abstract

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media, and increased time pressure on forensics examiners, necessitates that more efficient processing mechanisms be developed. This work describes a technique for creating signatures for images of the PNG format which only requires a tiny fraction of the file to effectively distinguish between a large number of images. Highly distinct, and compact, such analysis lays the foundation for future work in fast forensics filtering using subsets of evidential data.

Citation

McKeown, S., Russell, G., & Leimich, P. (2017). Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law

Conference Name Annual Conference on Digital Forensics, Security and Law
Conference Location Daytona Beach, Florida
Start Date May 15, 2017
End Date May 16, 2017
Acceptance Date Feb 27, 2017
Publication Date 2017
Deposit Date Apr 7, 2017
Publicly Available Date Mar 28, 2024
Series ISSN 1931-7379
Book Title Proceedings of the Conference on Digital Forensics, Security and Law
Keywords digital forensics, file filtering, image comparison, image processing, known file analysis
Public URL http://researchrepository.napier.ac.uk/Output/810782
Related Public URLs http://commons.erau.edu/adfsl/2017/papers/1

Files

Fast filtering of known PNG files using early file features (527 Kb)
PDF

Publisher Licence URL
http://creativecommons.org/licenses/by-nc-nd/4.0/

Copyright Statement
This Peer Reviewed Paper is brought to you for free and open access by the Conferences at Scholarly Commons. It has been accepted for inclusion in Annual ADFSL Conference on Digital Forensics, Security and Law by an authorized administrator of Scholarly Commons. For more information, please contact commons@erau.edu.







You might also like



Downloadable Citations