•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

Data carving is a technique used in data recovery to isolate and extract files based on file content without any file system guidance. It is an important part of data recovery and digital forensics, but it is also useful in teaching computer science students about file structure and binary encoding of information especially within a digital forensics program. This work demonstrates how the authors teach data carving using a real world problem they encounter in digital forensics evidence processing involving the extracting of text messages from unstructured small device binary extractions. The authors have used this problem for instruction in digital forensics courses and in other computer science courses.

References

Breeuwsma, M., de Johngh, M., Klaver, C., van der Knijff, R., & Roeloffs, M. (2007). Forensic Data Recovery from Flash Memory. Small Scale Digital Device Forensics Journal, 1 (1), 1-17

Cantrell, G. and Dampier, D. (2013), “Implementing the automated phases of the partially-automated digital triage process model”, Journal of Digital Forensics, Security and Law, Vol 7, No 4.

Cantrell, G., Dampier, D., Y. Dandass, Niu, Y., and Bogen, C. (2012), “Research Toward a Partially-automated, and Crime Specific Digital Triage Process Model,” Computer and Information Science, vol. 5, no. 2, pp. 29–38.

Christiansen, T. D Foy, B., Wall, L. and Orwant, J. (2012), “Programming perl: Unmatched power for text processing and scripting Fourth edition,” O’Reilly Media, Sebastopol, CA.

Garfinkel, S. L. (2009). Automating Disk Forensic Processing with SleuthKit, XML and Python. Systematic Approaches to Digital Forensic Engineering, 2009, (pp. 73-84).

Henry-Labordere, A. (2004), “SMS and MMS interworking in mobile networks,” Artech House, Norwood, MA.

Lessard, J. and Kessler, G. (2010), “Android forensics: Simplifying cell phone examinations,” Small Scale Digital Device Forensics Journal. Vol. 4, No. 1.

McCarthy, P. (2005). Forensic Analysis of Mobile Phones. University of South Australia, School of Computer and Information Science. Mawson Lakes: University of South Australia.

Mislan, R.P., Casey E., and Kessler, G.C. (2010), “The growing need for on-scene triage of mobile devices,” Digital Investigation, vol. 6, no. 3-4, 2010, pp. 112 – 124.

Richard III, G. and Roussev, V, (2005), “Scalpel: A frugal, high performance file carver,” Digital Forensics Research Workshop, New Orleans, LA.

Walls, R., Levine, B, and Learned-Miller, G. (2011), “Forensic triage for mobile phones with DEC0DE" USENIX Security Symposium (2011). Available at: http:// works.bepress.com/erik_learned_miller/52

Zimmermann, C., Spreitzenbarth, and M, Schmitt, S., (2011), Reverse Engineering of the Android File System (YAFFS2). Technical Report CS-2011-06, Friedrich-Alexander-University of Erlangen-Nuremberg.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.