Skip to main content
SpringerLink
Log in

A Strategy for Testing Metadata Based Deleted File Recovery Tools

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2011)

Included in the following conference series:

  • 1557 Accesses

Abstract

Deleted file recovery tools use residual metadata left behind after files are deleted to reconstruct deleted files. File systems use metadata to keep track of the location of user files, time stamps of file activity, file ownership and file access permissions. When a file is deleted, many file systems do not actually remove the file content, but mark the file blocks as available for reuse by future file allocations. This paper describes a strategy for testing forensic tools that recover deleted files from the residual metadata that can be found after a file has been deleted.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Carrier, B.: File System Forensic Analysis. Addison Wesley, New York (2005)

    Google Scholar 

  2. Garfinkel, S.L.: Carving contiguous and fragmented files with fast object validation. In: DFRWS, pp. S2–S12. Elsevier Ltd. (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Institute of Standards and Technology, USA

    James R. Lyle

Authors
  1. James R. Lyle
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Science and Informatics, University College Dublin, 4, Dublin, Ireland

    Pavel Gladyshev

  2. Department of Computer and Information Technology, Purdue University, 47907, West Lafayette, IN, USA

    Marcus K. Rogers

Rights and permissions

Reprints and permissions

Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Lyle, J.R. (2012). A Strategy for Testing Metadata Based Deleted File Recovery Tools. In: Gladyshev, P., Rogers, M.K. (eds) Digital Forensics and Cyber Crime. ICDF2C 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 88. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35515-8_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35515-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35514-1

  • Online ISBN: 978-3-642-35515-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation