Improved deleted file recovery technique for Ext2/3 filesystem

Improved deleted file recovery technique for Ext2/3 filesystem

Digital devices are increasingly being used in various crimes, and therefore, it becomes important for law enforcement agencies to be able to investigate and analyze digital devices. Accordingly, there is an increasing demand for digital forensic technologies which can recover the data concealed or...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The Journal of supercomputing 2014-10, Vol.70 (1), p.20-30
Hauptverfasser: Lee, Seokjun, Shon, Taeshik
Format: Artikel
Sprache:eng
Schlagworte:
Compilers
Computer Science
Interpreters
Processor Architectures
Programming Languages
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Digital devices are increasingly being used in various crimes, and therefore, it becomes important for law enforcement agencies to be able to investigate and analyze digital devices. Accordingly, there is an increasing demand for digital forensic technologies which can recover the data concealed or deleted by criminals that are of prime importance. There are various digital forensic tools available for Windows-based systems and relatively a few of those for Linux-based systems. Thus, this paper suggests a deleted file recovery technique for the Ext 2/3 filesystem, which is commonly used in Linux. The research involved the analysis of the Ext filesystem structure, file storage structure, and metadata information of file. The shortcomings of the existing methods and methods implemented by the proposed technique to address them are presented. Further, a comparison of the performance of the proposed technique and that of the existing methods is presented.
ISSN:0920-8542
1573-0484
DOI:10.1007/s11227-014-1282-y