Title: myEntropy: a file type identification tool using entropy scoring

Authors: Tay Xin Hui; Kamaruddin Malik Mohamad; Nurul Hidayah Ab Rahman

Addresses: Information Security Interest Group (ISIG), Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn, Malaysia; Information Security Interest Group (ISIG), Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn, Malaysia; Information Security Interest Group (ISIG), Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn, Malaysia

Abstract: myEntropy is an entropy calculator tool designed as a proof of concept to obtain file entropy scoring for file type identification, to facilitate digital investigations of file type-based attacks. The myEntropy tool is developed by employing the entropy technique to obtain the entropy scoring for three file types: SQL files, SWF files and JAVA files. Entropy analysis experiments were undertaken using the benchmark datasets, with a total of 250 files for each file type. The obtained file entropy values are then analysed to acquire the average entropy values and the entropy range. The results show that SWF files present a highly compressible file, JAVA files possess a higher probability to be compressed and SQL files present a higher probability for a given file to be compressed. These results would be beneficial to investigators, allowing them to quickly limit their focus to information units based on the specific target.

Keywords: digital forensics; entropy; entropy scoring; file type identification; FTI.

DOI: 10.1504/IJESDF.2022.120008

International Journal of Electronic Security and Digital Forensics, 2022 Vol.14 No.1, pp.76-95

Received: 12 Sep 2020
Accepted: 13 Jan 2021

Published online: 04 Jan 2022
