We present FiFTy, a modern file-type identification tool for memory forensics and data carving. In contrast to previous approaches based on hand-crafted features, we design a compact neural network architecture, which uses a trainable embedding space. Our approach dispenses with the explicit feature extraction which has been a bottleneck in legacy systems. We evaluate the proposed method on a novel dataset with 75 file-types _ the most diverse and balanced dataset reported to date. FiFTy consistently outperforms all baselines in terms of speed, accuracy and individual misclassification rates. We achieved an average accuracy of 77.5% with processing speed of ≈38\approx 38 sec/GB, which is better and more than an order of magnitude faster than the previous state-of-the-art tool - Sceadan (69% at 9 min/GB). Our tool and the corresponding dataset is open-source.

中文翻译：

---

FiFTy：使用卷积神经网络进行大规模文件片段类型识别


我们推出 FiFTy，一种用于内存取证和数据雕刻的现代文件类型识别工具。与以前基于手工制作特征的方法相比，我们设计了一个紧凑的神经网络架构，它使用可训练的嵌入空间。我们的方法消除了显式特征提取，这一直是遗留系统的瓶颈。我们在具有 75 种文件类型的新颖数据集上评估所提出的方法 - 这是迄今为止报告的最多样化和平衡的数据集。 FiFTy 在速度、准确性和个体错误分类率方面始终优于所有基线。我们实现了 77.5% 的平均准确率，处理速度约为 38\约 38 秒/GB，比之前最先进的工具 Sceadan 更好，速度快一个数量级以上（9 时为 69%）分钟/GB）。我们的工具和相应的数据集是开源的。