Automated Forensic Document Fingerprinting
Detection of unauthorized network communication of sensitive information.Detection of document or file misuse including copying, deletion, and modificationEvidence discovery based on an individual userAbility to detect when a document is atypical for a certain userInvention can also be used for intrusion response since the signatures of files associated with the attack can be recovered.Therecovered signatures can be used to examine across systems for similarintrusion and provide early detection to prevent intrusion from similarattack.
According to a 2006 FBI report, 44 percent of all computer-relatedcrimes are carried out by people within organizations. Proprietarycompany information, advanced commercial or military technology, andintellectual property lost as a result of poor cybersecurity have anegative impact on the financial bottom line of many companies andgovernment agencies. While software and firewalls exist to help preventnetwork intrusions from external sources, software that tracksdocuments within organizations is lacking. A novel, proactive approachfor computer forensic investigations has been developed at GeorgetownUniversity. For every file or database entry that is created, deleted,modified, or copied, a small amount of information about the file ordatabase entry called a "signature," is created and stored away. Thefingerprints can identify a file or database entry by its content andcan accommodate small format modifications. When provided with adocument of interest, whether a hard copy or an electronic copy, aquery signature can be created. Stored signatures are then retrievedfrom storage and compared to the query signature. The comparison can beperformed on signatures, the fingerprints within the signatures, or onboth. The invention's ability to capture user operation allows it tonotify the administrator of any misuse, such as copying, modification,movement, or deletion.
美國
