Using open source forensic carving tools on split dd and EWF files.

PALMIERI, Gareth and ZARGARI, Shahrzad (2017). Using open source forensic carving tools on split dd and EWF files. In: Proceedings, 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 379-383. (In Press)

Zargari-UsingOpenSourceForensicCarvingTools(AM).pdf - Accepted Version
All rights reserved.

Link to published version: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.183

Abstract

This study tests a number of open source forensic carving tools to determine their viability when run across split raw forensic images (dd) and Expert Witness Compression Format (EWF) images. This is done by carving files from a raw dd file to determine the baseline before running each tool over the different image types and analysing the results. A framework is then written in Python to allow Scalpel to be run across any split dd image, whilst simultaneously concatenating the carved files and sorting by file type. This study tests the framework on a number of scenarios and concludes that this is an effective method of carving files using Scalpel over split dd images.

Item Type: Book Section
Research Institute, Centre or Group: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
Departments: Arts, Computing, Engineering and Sciences > Computing
Identification Number: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.183
Depositing User: Shahrzad Zargari
Date Deposited: 26 Jan 2018 12:44
Last Modified: 02 Feb 2018 03:34
URI: http://shura.shu.ac.uk/id/eprint/17047
