On the role of file system metadata in digital forensics
نویسندگان
چکیده
Most of the effort in today’s digital forensics community lies in the retrieval and analysis of existing information from computing systems. Little is being done to increase the quantity and quality of the forensic information on today’s computing systems. In this paper we pose the question of what kind of information is desired on a system by a forensic investigator. We give an overview of the information that exists on current systems and discuss its shortcomings. We then examine the role that file system metadata plays in digital forensics and analyze what kind of information is desirable for different types of forensic investigations, how feasible it is to obtain it, and discuss issues about storing the information.
منابع مشابه
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
متن کاملCooperative mode: Comparative storage metadata verification applied to the Xbox 360
This work addresses the question of determining the correctness of forensic file system analysis software. Current storage systems are built on theory that is robust but not invincible to faults, from software, hardware, or adversaries. Given a parsing of a storage system of unknown provenance, the lack of a sound and complete analytic theory means the parsing's correctness cannot be proven. Ho...
متن کاملOn metadata context in Database Forensics
Database Forensics is an important topic that has received hardly any research attention. This paper starts from the premise that this lack of research is due to the inherent complexity of databases that is not fully understood in a forensic context yet. The paper considers the relevant differences between file systems and databases and then transfers concepts of File System Forensics to Databa...
متن کاملImplementation of Greedy Sequential Unique Path
Digital Forensic Analyst encounters a mixed file fragments in the absence of File Table information i.e., files‟ metadata. File Carving is a process of reconstructing files from mixed file fragments without using files‟ metadata. File Carving is an interesting and challenging problem in digital forensics and Data Recovery. Recently there have been number of research papers in the area of File C...
متن کاملAccuracy of an Intraoral Digital System for File Length Measurement
Introdouction: Canal length measurement is essential for proper endodontic treatment. Any error or miscalculation in working length determination, particularly in curved canals, can result in complications during or after root canal therapy. Digital radiography has enabled accurate measurement of curved canal length. In this study, we evaluated the accuracy of calibration of a complementary m...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Digital Investigation
دوره 1 شماره
صفحات -
تاریخ انتشار 2004