Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

IFIP International Conference on Digital Forensics

DigitalForensics 2013: Advances in Digital Forensics IX pp 101–117Cite as

  1. Home
  2. Advances in Digital Forensics IX
  3. Conference paper
Reducing the Time Required for Hashing Operations

Reducing the Time Required for Hashing Operations

  • Frank Breitinger3,4 &
  • Kaloyan Petrov5 
  • Conference paper

  • 1474 Accesses

  • 2 Citations

  • 7 Altmetric

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 410)

Abstract

Due to the increasingly massive amounts of data that need to be analyzed in digital forensic investigations, it is necessary to automatically recognize suspect files and filter out non-relevant files. To achieve this goal, digital forensic practitioners employ hashing algorithms to classify files into known-good, known-bad and unknown files. However, a typical personal computer may store hundreds of thousands of files and the task becomes extremely time-consuming. This paper attempts to address the problem using a framework that speeds up processing by using multiple threads. Unlike a typical multithreading approach, where the hashing algorithm is performed by multiple threads, the proposed framework incorporates a dedicated prefetcher thread that reads files from a device. Experimental results demonstrate a runtime efficiency of nearly 40% over single threading.

Keywords

  • File hashing
  • runtime performance
  • file handling
  • prefetching

Download conference paper PDF

References

  1. D. Alcantara, A. Sharf, F. Abbasinejad, S. Sengupta, M. Mitzenmacher, J. Owens and N. Amenta, Real-time parallel hashing on the GPU, ACM Transactions on Graphics, vol. 28(5), article no. 154, 2009.

    Google Scholar 

  2. C. Altheide and H. Carvey, Digital Forensics with Open Source Tools, Syngress, Waltham, Massachusetts, 2011.

    Google Scholar 

  3. H. Baier and F. Breitinger, Security aspects of piecewise hashing in computer forensics, Proceedings of the Sixth International Conference on IT Security Incident Management and IT Forensics, pp. 21–36, 2011.

    CrossRef  Google Scholar 

  4. A. Baxter, SSD vs. HDD ( www.storagereview.com/ssd_vs_hdd ), 2012.

  5. B. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, vol. 13(7), pp. 422–426, 1970.

    CrossRef  MATH  Google Scholar 

  6. F. Breitinger and H. Baier, Performance issues about context-triggered piecewise hashing, Proceedings of the Third International ICST Conference on Digital Forensics and Cyber Crime, pp. 141–155, 2011.

    Google Scholar 

  7. F. Breitinger and H. Baier, Similarity preserving hashing: Eligible properties and a new algorithm mrsh-v2, Proceedings of the Fourth International ICST Conference on Digital Forensics and Cyber Crime, 2012.

    Google Scholar 

  8. L. Chen and G. Wang, An efficient piecewise hashing method for computer forensics, Proceedings of the First International Workshop on Knowledge Discovery and Data Mining, pp. 635–638, 2008.

    CrossRef  Google Scholar 

  9. J. Kornblum, Identifying almost identical files using context triggered piecewise hashing, Digital Investigation, vol. 3(S), pp. S91–S97, 2006.

    CrossRef  Google Scholar 

  10. A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, Florida, 1997.

    MATH  Google Scholar 

  11. G. Moore, Cramming more components onto integrated circuits, Electronics Magazine, pp. 114–117, April 19, 1965.

    Google Scholar 

  12. National Institute of Standards and Technology, Secure Hash Standard, FIPS Publication 180-3, Gaithersburg, Maryland, 2008.

    Google Scholar 

  13. National Institute of Standards and Technology, National Software Reference Library, Gaithersburg, Maryland ( www.nsrl.nist.gov ), 2012.

  14. L. Noll, FNV hash ( www.isthe.com/chongo/tech/comp/fnv/index.html ), 2012.

  15. R. Rivest, MD5 Message-Digest Algorithm, RFC 1321, 1992.

    Google Scholar 

  16. V. Roussev, Data fingerprinting with similarity digests, in Advances in Digital Forensics VI, K. Chow and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 207–226, 2010.

    CrossRef  Google Scholar 

  17. V. Roussev, An evaluation of forensic similarity hashes, Digital Investigation, vol. 8(S), pp. S34–S41, 2011.

    CrossRef  Google Scholar 

  18. S. Sumathi and S. Esakkirajan, Fundamentals of Relational Database Management Systems, Springer-Verlag, Berlin Heidelberg, Germany, 2010.

    Google Scholar 

  19. S. Woerthmueller, Multithreaded file I/O, Dr. Dobb’s Journal, September 28, 2009.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Applied Sciences, Darmstadt, Germany

    Frank Breitinger

  2. Center for Advanced Security Research Darmstadt (CASED), Darmstadt, Germany

    Frank Breitinger

  3. Institute of Information and Communication Technologies, Bulgarian Academy of Sciences, Sofia, Bulgaria

    Kaloyan Petrov

Authors
  1. Frank Breitinger
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kaloyan Petrov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Air Force Institute of Technology, Wright-Patterson Air Force Base, 45433-7765, OH, USA

    Gilbert Peterson

  2. University of Tulsa, 74104-3189, Tulsa, OK, USA

    Sujeet Shenoi

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 IFIP International Federation for Information Processing

About this paper

Cite this paper

Breitinger, F., Petrov, K. (2013). Reducing the Time Required for Hashing Operations. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics IX. DigitalForensics 2013. IFIP Advances in Information and Communication Technology, vol 410. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41148-9_7

Download citation

  • .RIS
  • .ENW
  • .BIB

  • DOI: https://doi.org/10.1007/978-3-642-41148-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41147-2

  • Online ISBN: 978-3-642-41148-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

65.108.231.39

Not affiliated

Springer Nature

© 2023 Springer Nature