Data Recovery Function Testing for Digital Forensic Tools
نویسندگان
چکیده
Many digital forensic tools used by investigators were not originally designed for forensic applications. Even in the case of tools created with the forensic process in mind, there is the issue of assuring their reliability and dependability. Given the nature of investigations and the fact that the data collected and analyzed by the tools must be presented as evidence, it is important that digital forensic tools be validated and verified before they are deployed. This paper engages a systematic description of the digital forensic discipline that is obtained by mapping its fundamental functions. The function mapping is used to construct a detailed function-oriented validation and verification framework for digital forensic tools. This paper focuses on the data recovery function. The data recovery requirements are specified and a reference set is presented to test forensic tools that implement the data recovery function.
منابع مشابه
Comparative Study and Simulation of Digital Forensic Tools
The cyber crimes such as online banking fraud, credit card theft, child pornography, intellectual property theft, identity theft, unauthorized intrusion, money laundering, digital piracy etc. are growing rapidly with technology. Desktops, smartphones, laptops, digital cameras, GPS devices and even watches all can be used to aid a fraud. All this devices leave behind a digital footprint. Gatheri...
متن کاملData Recovery from Windows CE Based Handheld Devices
Data hiding creates serious problems for digital forensic practitioners attempting to recover evidence. It is possible to conceal large amounts of sensitive data in handheld devices in a manner that prevents their recovery using standard forensic tools. This paper describes a technique for recovering data stored in the slack memory of Windows CE based devices. A case study involving data hiding...
متن کاملData Extraction from Damage Compressed File for Computer Forensic Purposes
Nowadays compressed files are very widespread and can be considered, without any doubt, with regard to the Digital Forensic realm, an important and precious source of probatory data. This is especially true when in a digital investigation the examiner has to deal with corrupted compressed files, which have been gathered in the collection phase of the investigative process. Therefore, in the com...
متن کاملSignificance of Hash Value Generation in Digital Forensic: A Case Study
–Digital forensics tools frequently use to calculate the hash value of digital evidence drive. MD5 and SHA hash function is used in digital forensic tools to calculate and verify that a data set has not been altered, due to the application of various evidence collection and analysis tools and procedures. Additionally, due to the impact on the personal life of the subject of an investigation, ve...
متن کاملOn the use of data visualization techniques to support digital forensic analysis: A survey of current approaches
The task of analysis within the digital forensic investigation lifecycle is examined and the support provided for its constituent activities by a representative sample of forensic tools evaluated. It is suggested that the core activity of analysis (i.e. the derivation of a testable high-level hypothesis or narrative of user behaviour) is a creative activity which depends primarily on the experi...
متن کامل