Open AccessUnderstanding the effects of removing common blocks on Approximate Matching scores under different scenarios for digital forensic investigations
Author(s) -
Vitor Hugo Galhardo Moia,
Frank Breitinger,
Marco Aurélio Amaral Henriques
Publication year - 2019
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5753/sbseg.2019.13966
Subject(s) - similarity (geometry) , matching (statistics) , computer science , digital forensics , data mining , precision and recall , hash function , interpretation (philosophy) , pattern recognition (psychology) , artificial intelligence , information retrieval , mathematics , statistics , image (mathematics) , computer security , programming language
Finding similarity in digital forensics investigations can be assisted with the use of Approximate Matching (AM) functions. These algorithms create small and compact representations of objects (similar to hashes) which can be compared to identify similarity. However, often results are biased due to common blocks (data structures found in many different les regardless of content). In this paper, we evaluate the precision and recall metrics for AM functions when removing common blocks. In detail, we analyze how the similarity score changes and impacts different investigation scenarios. Results show that many irrelevant matches can be ltered out and that a new interpretation of the score allows a better similarity detection.