A fast scheme for recovery of deleted files with evidential recording for digital forensics
Authors
Abstract
In this paper we present a practical method for recovery of deleted files from a locally accessible data storage, such as an HDD, with an optional recording of evidential information about the recovery process. Our approach puts strong emphasis on the practical aspect of file recovery and evidence recording as well as the accessibility of the required tools. This makes it useful for a variety of tasks ranging from simple recovery of personal files to collection of evidence in digital forensic processes.
Similar resources
File System Journal Forensics
Journaling is a relatively new feature of modern file systems that is not yet exploited by most digital forensic tools. A file system journal caches data to be written to the file system to ensure that it is not lost in the event of a power loss or system malfunction. Analysis of journal data can identify which files were overwritten recently. Indeed, under the right circumstances, analyzing a ...
Digital Watermarking of Virtual Machine Images
The widespread use of server and desktop virtualization technologies increases the likelihood of unauthorized and uncontrolled distribution of virtual machine (VM) images that contain proprietary software. This paper attempts to address this issue using a platform-independent digital watermarking scheme applicable to a variety of VM images. The scheme embeds a watermark in the form of files in ...
Signature analysis and Computer Forensics
Computer Forensics is a process of using scientific knowledge to collect, analyze and present digital evidence to court or tribunals. Since files are the standard persistent form of data on computers, the collection, analysis and presentation of computer files as digital evidence is of the utmost importance in Computer Forensics. However, data can be hidden behind files and can be enough to trick th...
Digital Forensonomics – the Economics of Digital Forensics
This paper introduces the economics of digital forensics (EDF) and describes the use of template patterns based on Bayesian network architectures for producing cost effective digital forensic investigations, making use of econometric quantities such as return on investment or cost benefit ratio to prioritise the recovery of digital evidential traces. A case study involving an actual distributed...
Identifying almost identical files using context triggered piecewise hashing
Homologous files share identical sets of bits in the same order. Because such files are not completely identical, traditional techniques such as cryptographic hashing cannot be used to identify them. This paper introduces a new technique for constructing hash signatures by combining a number of traditional hashes whose boundaries are determined by the context of the input. These signatures can ...
Journal title:
Volume, issue
Pages -
Publication date: 2009