Open AccessFeature‐based Type Identification of File Fragments
Author(s) -
Amirani Mehdi Chehel,
Toorani Mohsen,
Mihandoost Sara
Publication year - 2013
Publication title -
security and communication networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.553
Subject(s) - computer science , metadata , torrent file , file format , classifier (uml) , digital forensics , network packet , computer file , block (permutation group theory) , data file , data mining , stub file , artificial intelligence , database , operating system , computer network , geometry , mathematics
Digital information is packed into files when it is going to be stored on storage media. Each computer file is associated with a type. Type detection of computer data is a building block in different applications of computer forensics and security. Traditional methods were based on file extensions and metadata. The content‐based method is a newer approach with the lowest probability of being spoofed and is the only way for type detection of data packets and file fragments. In this paper, a content‐based method that deploys principle component analysis and neural networks for an automatic feature extraction is proposed. The extracted features are then applied to a classifier for the type detection. Our experiments show that the proposed method works very well for type detection of computer files when considering the whole content of a file. Its accuracy and speed is also significant for the case of file fragments, where data is captured from random starting points within files, but the accuracy differs according to the lengths of file fragments. Copyright © 2012 John Wiley & Sons, Ltd.