Performance Analysis of File Carving Tools
Abstract
File carving is the process of recovering files based on the contents of a file in scenarios where file system metadata is unavailable. In this research a total of 6 file carving tools were tested and reviewed to evaluate the performance quality of each. Comparison of findings to a previous similar study was conducted and showed variable performance advances. A new file carving data set was also authored and testing determined that the wider variety of file types and structures proved challenging for most tools to efficiently recover a high percentage of files. Results also highlighted the ongoing issue with complete recovery and reassembly of fragmented files. Future research is required to provide digital forensic investigators & data recovery practitioners with efficient and accurate file carving tools to maximise file recovery and minimise invalid file output.
Similar resources
Scalpel: A Frugal, High Performance File Carver
File carving is an important technique for digital forensics investigation and for simple data recovery. By using a database of headers and footers (essentially, strings of bytes at predictable offsets) for specific file types, file carvers can retrieve files from raw disk images, regardless of the type of filesystem on the disk image. Perhaps more importantly, file carving is possible even if ...
Using parallel processing for file carving
File carving is one of the most important procedures in Digital Forensic Investigation (DFI). But it also requires the most computational resources. Parallel processing on Graphics Processing Units has proven to be many times faster than when executed on standard CPU. This paper is inspecting the algorithms and methods to use parallel processing for development of file carving tools that wi...
Design tradeoffs for developing fragmented video carving tools
When conducting a digital forensic examination, there is sometimes a need to salvage as much playable video as possible from available data sources. Although an ideal outcome might be to have all deleted and partially overwritten file fragments identified, reassembled, and repaired to provide playable videos, there are situations where this is not possible. In addition, there are complexities i...
Forensic Data Carving
File or data carving is a term used in the field of Cyber forensics. Cyber forensics is the process of acquisition, authentication, analysis and documentation of evidence extracted from and/or contained in a computer system, computer network and digital media. Extracting data (file) out of undifferentiated blocks (raw data) is called carving. Identifying and recovering files based on analysi...
Database forensic analysis through internal structure carving
Forensic tools assist analysts with recovery of both the data and system events, even from corrupted storage. These tools typically rely on “file carving” techniques to restore files after metadata loss by analyzing the remaining raw file content. A significant amount of sensitive data is stored and processed in relational databases thus creating the need for database forensic tools that will e...
Publication date: 2013