Automated Forensic Document Fingerprinting

Categories: “Computer Science

Reference #: 2007-030

OTC Contact: Zeinab Abouissa M.S. (Directory Information | Send a Message)


According to a 2006 FBI report, 44 percent of all computer-related crimes are carried out by people within organizations. Proprietary company information, advanced commercial or military technology, and intellectual property lost as a result of poor cybersecurity have a negative impact on the financial bottom line of many companies and government agencies. While software and firewalls exist to help prevent network intrusions from external sources, software that tracks documents within organizations is lacking. A novel, proactive approach for computer forensic investigations has been developed at Georgetown University. For every file or database entry that is created, deleted, modified, or copied, a small amount of information about the file or database entry called a “signature,” is created and stored away. The fingerprints can identify a file or database entry by its content and can accommodate small format modifications. When provided with a document of interest, whether a hard copy or an electronic copy, a query signature can be created. Stored signatures are then retrieved from storage and compared to the query signature. The comparison can be performed on signatures, the fingerprints within the signatures, or on both. The invention’s ability to capture user operation allows it to notify the administrator of any misuse, such as copying, modification, movement, or deletion.


This technology is a novel software application for monitoring modification, deletion, and misuse of sensitive electronic documents.


  • Detection of unauthorized network communication of sensitive information.
  • Detection of document or file misuse including copying, deletion, and modification
  • Evidence discovery based on an individual user
  • Ability to detect when a document is atypical for a certain user
  • Invention can also be used for intrusion response since the signatures of files associated with the attack can be recovered.
  • The recovered signatures can be used to examine across systems for similar intrusion and provide early detection to prevent intrusion from similar attack.

Stage of Development

Software is undergoing beta testing.

Relevant Publications

No relevant publications.


Thomas Shields, Ophir Frieder, and Marcus Maloof

Patent Status

Patent applications are currently pending.