Using open source forensic carving tools on split dd and EWF files.

Tools

PALMIERI, Gareth and ZARGARI, Shahrzad (2017). Using open source forensic carving tools on split dd and EWF files. In: Proceedings, 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 379-383. (In Press) [Book Section]

[+][-]

Documents

17047:371838

[+][-]

17047:371838

[thumbnail of Zargari-UsingOpenSourceForensicCarvingTools(AM).pdf]

Preview

PDF
Zargari-UsingOpenSourceForensicCarvingTools(AM).pdf - Accepted Version
Available under License All rights reserved.

Download (314kB) | Preview

Abstract

This study tests a number of open source forensic carving tools to determine their viability when run across split raw forensic images (dd) and Expert Witness Compression Format (EWF) images. This is done by carving files from a raw dd file to determine the baseline before running each tool over the different image types and analysing the results. A framework is then written in python to allow Scalpel to be run across any split dd image, whilst simultaneously concatenating the carved files and sorting by file type. This study tests the framework on a number of scenarios and concludes that this is an effective method of carving files using Scalpel over split dd images.

More Information

Research Institute, Centre or Group - Does NOT include content added after October 2018:

Cultural Communication and Computing Research Institute > Communication and Computing Research Centre

Departments - Does NOT include content added after October 2018:

Faculty of Science, Technology and Arts > Department of Computing

Page Range:

379-383

ISBN:

978153863066217

Identifiers

Identification Number:

10.1109/iThings-GreenCom-CPSCom-SmartData.2017.183