University of Hertfordshire: Signature Analysis Reflection Report

Verified

Added on 2022/08/28

AI Summary

This report provides a reflection on signature analysis in the field of digital forensics. It explores the concept of digital file signatures, explaining how different file types have unique schemes for encoding information and how these are stored within the first few bytes of a file. The report discusses signature analysis as a process of comparing file headers and extensions to identify attempts to conceal file types, highlighting its role as a pattern-matching process against known attacks. It further examines the use of NIDS software and signature databases, as well as the two forms of signature analysis: serial and parallel. The report concludes by emphasizing the importance of signature analysis in identifying potential attempts to conceal files. The report also includes references to relevant literature on the topic.

Running head: - REFLECTION ON SIGNATURE ANALYSIS
REFLECTION ON SIGNATURE ANALYSIS
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1REFLECTION ON SIGNATURE ANALYSIS
Table of Contents
1. Signature Analysis in Digital Forensics:................................................................................2
2. References:.............................................................................................................................4

2REFLECTION ON SIGNATURE ANALYSIS
1. Signature Analysis in Digital Forensics:
Digital files consists of specific sequences that are arranged in the form of bits. Each
of the individual file type that I have come across in this module consists of individually
different schemes for encoding that put forwards the description of how the information is
particularly stored within the respective files (Mazzolini et al. 2020). This particular scheme
is called format of the file.
I have again seen that some of the file formats have the potentially capability to
consists of more than one type of content. This is more widely identified in the popular
formats of the file such as the files relative to the field of multimedia. For example, I have
seen the Ogg format that can store a wide range of files such as video, text, audios as well as
metadata inside a single container.
In regards to this, I have learnt through the module that majority of the digital files
have a particular signature stored at the first 20 bytes of the digital file (Toraskar et al. 2019).
I have found out that opening the file with the use of Hex editor, that particular signature is
visible and can be thoroughly checked.
Figure-1: Digital Signature
(Source- Toraskar et al. 2019)

3REFLECTION ON SIGNATURE ANALYSIS
The things that I have learnt throughout the module is that signature analysis refers to
a procedure of comparing the file headers as well as the extensions with the existing
databases along with the extensions to discover the primary attempt that might have been
made. This attempt would have been towards concealing the originally existing file type that
has been originally created.
Again, the signature analysis and the relative procedures can be termed as a pattern
matching process that matches the contents present in a data packet with the database. Such
patterns that I have examined correspond to some of the known attacks that are specifically
stored inside a database (Quick and Choo 2018). This pattern is explicitly examined against
another known pattern. Moreover, this whole procedure is termed as signature analysis.
I have seen the most commonly existing NIDS products that form a part of the
NIDDS software carry out the signature analysis against any of the existing database of any
known attack that might be a property of some vendor. The software that belongs to the client
shall have the capability to increase the scope associated with NIDS software with the help of
adding signatures to that of the existing database.
There is the shares existence of multiple software applications that have the
potentially ability to carry out such NIDS attacks such as the likes of Snort that is maintained
as well as updated by the community of users (Hamdi et al. 2016). The database that is
extensively utilized in this particular scenario is an ASCII file format.
I have studied two forms of signature analysis that have the existence, one being the
serial signature analysis and the other parallel signature analysis. Hence, it can be stated that
signature analysis in the field of digital forensics helps to identify if any attempts have been
made to particularly conceal a file that was originally created.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4REFLECTION ON SIGNATURE ANALYSIS
2. References:
Hamdi, D., Iqbal, F., Baker, T. and Shah, B., 2016, August. Multimedia file signature
analysis for smartphone forensics. In 2016 9th International Conference on Developments in
eSystems Engineering (DeSE) (pp. 130-137). IEEE.
Mazzolini, D., Pavan, P., Pirlo, G. and Vessio, G., 2020, January. Towards a Decision
Support Framework for Forensic Analysis of Dynamic Signatures. In Italian Research
Conference on Digital Libraries (pp. 9-14). Springer, Cham.
Toraskar, T., Bhangale, U., Patil, S. and More, N., 2019, July. Efficient Computer Forensic
Analysis Using Machine Learning Approaches. In 2019 IEEE Bombay Section Signature
Conference (IBSSC) (pp. 1-5). IEEE.
Quick, D. and Choo, K.K.R., 2018. Quick analysis of digital forensic data. In Big Digital
Forensic Data (pp. 5-28). Springer, Singapore.