Show simple item record

dc.contributor.authorMokhov, Serguei A.
dc.contributor.authorDebbabi, Mourad
dc.contributor.editorGöbel, Oliver
dc.contributor.editorFrings, Sandra
dc.contributor.editorGünther, Detlef
dc.contributor.editorNedon, Jens
dc.contributor.editorSchadt, Dirk
dc.date.accessioned2019-06-04T11:30:43Z
dc.date.available2019-06-04T11:30:43Z
dc.date.issued2008
dc.identifier.isbn978-3-88579-234-5
dc.identifier.issn1617-5468
dc.identifier.urihttp://dl.gi.de/handle/20.500.12116/23599
dc.description.abstractThe Unix file utility determines file types of regular files by examining usually the first 512 bytes of the file that often contain some magic header information or typical header information for binary files or common text file fragments; otherwise, it defers to the OS-dependent stat () system call. It combines that heuristics with the common file extensions to give the final result of classification. While file is fast and small, and its magic database is "serviceable" by expert users, for it to recognize new file types, perhaps with much finer granularity it requires code and/or magic database updates and a patch release from the core developers to recognize new file types correctly. We propose an alternative file-like utility in determining file types with much greater flexibility that can learn new types on the user's side and be integrated into forensic toolkits as a plug-in that relies on the file-like utility and uses signal processing techniques to compute the "spectral signatures" of file types. We present the work-in-progress of the design and implementation of such a tool based on MARF's collection of algorithms and the selection of the best combination and the integration of the tool into a forensic toolkit to enhance the tool, called fileType with the automatic machine learning capabilities of the new file types. We compare the advantages and disadvantages of our approach with the file utility in terms of various metrics and apply the new tool to learn known stego files to attempt to classify potential unknown stego files and compare the results with stegdetect.en
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofIMF 2008 – IT Incident Management & IT Forensics
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-140
dc.titleFile type analysis using signal processing techniques and machine learning vs. file Unix Utility for forensic analysisen
dc.typeText/Conference Paper
dc.pubPlaceBonn
mci.reference.pages73-85
mci.conference.sessiontitleRegular Research Papers
mci.conference.locationMannheim
mci.conference.dateSeptember, 23-25, 2008


Files in this item

Thumbnail

Show simple item record