- Fast Disk Analysis with Random Sampling
-
Dr. Simson Garfinkel, NPS
-
In Fast Disk Analysis with Random Sampling, a new method for rapidly characterizing the forensic contents of a hard drive or other storage
devices using random sampling will be presented. Using this method, it is possible to rapidly determine with a high degree of confidence
whether or not large storage devices have been properly cleared of data from previous use. Next, we shall show how the method can be extended
to characterize the kind of information stored on a storage device through a combination of statistical sampling and file fragment identification.
We shall present highly accurate file fragment identifiers developed using a new technique that employs grid search runs on a medium-sized
cluster to tune algorithms developed by hand using introspection. Finally, we shall present real-world applications of this technology to
identify the percentage of images and encrypted data stored on a 160GB Apple iPod in less than two minutes.
|