Skip to main content
SpringerLink
Log in
Book cover

Future Information Technology pp 329–336Cite as

Investigating and Measuring Capabilities of the Forensics File Carving Techniques

  • Conference paper

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 276))

Abstract

File carving is a type of digital forensics recovery technique which focuses on recovering files from digital media without using file system metadata. This technique can be used in several situations such as recovering deleted files or recovering files from storage media with corrupted or unknown file systems. This paper explores and discusses the existing theory of file carving techniques. We conduct experimental testing for some of the current state of the art carving tools. These experiments will measure various criteria such as precision, recall and overall system performance.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Garfinkel, S.L.: Carving contiguous and fragmented files with fast object validation. Digital investigation 4(1), 2–12 (2007)

    Article  Google Scholar 

  2. Richard III, G.G.: Scalpel: A Frugal, High Performance File Carver. In: Digital Forensics Research Workshop, New Orleans, LA, pp. 1–10 (2005)

    Google Scholar 

  3. PhotoRec, Digital Picture and File Recovery (January 2013), http://www.cgsecurity.org/wiki/PhotoRec

  4. Forensic Toolkit (FTK) 3.4.1 Download Page (December 2012), http://www.accessdata.com/ftk-3-4

  5. Wouters, W.: BMP Format. Clean Coding Company, Tech. Rep. v1.1 (1997)

    Google Scholar 

  6. Foremost (2012), http://foremost.sourceforge.net/

  7. reviveit. Online (March 2013), https://code.google.com/p/reviveit/

  8. Grossman, D.A., Frieder, O.: Introduction. In: Information Retrieval Algorithms and Heuristics, ch.1, pp. 1–8. Springer, Netherland (2004)

    Chapter  Google Scholar 

  9. Kloet, S.J.J.: Measuring and Improving the Quality of File Carving Methods. MSc thesis, Eindhoven University of Technology, Department of Mathematics and Computer Science, The Netherlands (2007)

    Google Scholar 

  10. Manning, C.D., Schütze, H.: Lexical Acquisition. In: Foundations of Statistical Natural Language Processing, ch. 8, pp. 265–314. MIT Press, Cambridge (1999)

    Google Scholar 

  11. Mikus, N.: Basic Data Carving Test #1 (March 2005), http://dftt.sourceforge.net/test11/index.html

  12. Mikus, N.: Basic Data Carving Test #2 (March 2005), http://dftt.sourceforge.net/test12/index.html

  13. DFRWS 2006 Forensics Challenge File Image Details (2006), http://www.dfrws.org/2006/challenge/

  14. Metz, J., Kloet, B., Mora, R.J.: Analysis of 2007 DFRWS Forensic carving challenge, Hoffmann Investigations. Tech. Rep., Netherlands (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Khalifa University of Science, Technology and Research, Abu Dhabi, United Arab Emirates

    Khawla Alghafli, Andrew Jones & Thomas Martin

Authors
  1. Khawla Alghafli
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrew Jones
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Martin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Khawla Alghafli .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul University of Science & and Technology (SeoulTech), Seoul, Korea, Republic of (South Korea)

    James J. (Jong Hyuk) Park

  2. SEECS, University of Ottawa, Ottawa, Ontario, Canada

    Ivan Stojmenovic

  3. School of Information and Communication Engineering, Chungbuk National University, Chungbuk, Korea, Republic of (South Korea)

    Min Choi

  4. Department of Languages and Informatics Systems, Polytechnic University of Catalonia, Barcelona, Spain

    Fatos Xhafa

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alghafli, K., Jones, A., Martin, T. (2014). Investigating and Measuring Capabilities of the Forensics File Carving Techniques. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_47

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40861-8_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40860-1

  • Online ISBN: 978-3-642-40861-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation