
Data Reduction Software Accelerates Investigations

Sun, 07/07/2013 - 9:39pm

Data reduction—eliminating “known” files, such as operating system and application files, during an investigation—is a critical component of the computer forensics process.

If a specific file’s profile and signature match the database of “known” files, that file can be excluded from review, saving investigators valuable time. Only those files that don’t match would be subject to further investigation.

Computer forensics software can automate this process.

NIST has created a National Software Reference Library, which is designed to collect software from various sources and incorporate file profiles from the software into a Reference Data Set (RDS) of information. The RDS is a collection of digital signatures of known, traceable software applications. It currently contains data for about 11,000 software apps. Using RDS data imported into commercial data reduction software, “known” file filters give managers investigating an incident a repository of “ignorable” files.
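The known-file filtering described above, sketched in Python as an added example (not code from the article, NIST, or any commercial product). The NSRLFile.txt-style column layout, the use of SHA-1 as the signature, and all file contents are assumptions constructed for illustration.

```python
import csv, hashlib, io, os, tempfile

def load_known(rds_text):
    """Map SHA-1 -> file size from RDS-style CSV text (column layout is an assumption)."""
    return {row["SHA-1"].upper(): int(row["FileSize"])
            for row in csv.DictReader(io.StringIO(rds_text))}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not exhaust memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def reduce_evidence(root, known):
    """Split files under root into (ignorable, to_review) by hash and size, never by name."""
    ignorable, to_review = [], []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            match = known.get(sha1_of(path)) == os.path.getsize(path)
            (ignorable if match else to_review).append(rel)
    return sorted(ignorable), sorted(to_review)

def demo():
    """Run the filter over a constructed evidence tree and a constructed one-entry hash set."""
    vendor = b"constructed stand-in for a vendor-shipped binary"
    rds = ('"SHA-1","MD5","CRC32","FileName","FileSize",'
           '"ProductCode","OpSystemCode","SpecialCode"\n'
           '"%s","","","app.dll",%d,1,"WIN",""\n'
           % (hashlib.sha1(vendor).hexdigest().upper(), len(vendor)))
    files = {
        "app.dll": vendor,            # known file: excluded
        "renamed.tmp": vendor,        # same content under another name: still excluded
        "sub/app.dll": vendor + b"!", # known name, altered content: kept for review
        "notes.txt": b"user data",    # not in the set: kept for review
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return reduce_evidence(root, load_known(rds))

if __name__ == "__main__":
    print(demo())
```

Matching on content hash and size rather than file name is what keeps a modified file that reuses a known name in the review set.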

From: Data Reduction Software Accelerates Computer Forensic Investigations by Richard W. Walker
