CHAPTER 5

Artifact Analysis

Once the external (serialized) representation of a digital artifact, such as a text document, or an image, is standardized, it provides a convenient level of abstraction allowing the development of artifact-centric forensic techniques.

5.1  FINDING KNOWN OBJECTS: CRYPTOGRAPHIC HASHING

The lowest common denominator for all digital artifacts is to consider them a sequence of bits/bytes without trying to parse, or assign any semantics to them. Despite this low level of abstraction, there are some very important problems that can be addressed, and the most important one is to identify known content.

Cryptographic hashing is the first tool of choice in investigating any case; it provides the basic means to validate data ...

Get Digital Forensic Science now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.