Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.4.175

Determinant Whether the Data Fragment in Unallocated Space is Compressed or Not and Decompressing of Compressed Data Fragment  

Park, Bo-Ra (Center for Information Security Technologies, Korea University)
Lee, Sang-Jin (Center for Information Security Technologies, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.4, 2008 , pp. 175-185 More about this Journal
Abstract
It is meaningful to investigate data in unallocated space because we can investigate the deleted data. However the data in unallocated space is formed to fragmented and it cannot be read by application in most cases. Especially in case of being compressed or encrypted, the data is more difficult to be read. If the fragmented data is encrypted and damaged, it is almost impossible to be read. If the fragmented data is compressed and damaged, it is very difficult to be read but we can read and interpret it sometimes. Therefore if the computer forensic investigator wants to investigate data in unallocated space, formal work of determining the data is encrypted of compressed and decompressing the damaged compressed data. In this paper, I suggest the method of analyzing data in unallocated space from a viewpoint of computer forensics.
Keywords
data fragment; compressed data recovery;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Kulesh Shanmugasundaram, Nasir Memon, 'Automatic Reassembly of Document Fragments Via Context Based Statistical Models,' Proceedings of the 19th Annual Computer SecurityApplications Conference (ACSAC). LasVegas, NV, USA, 2003, pp. 152-159
2 McDaniel, Hossain Heydari .M. 'Content Based File Type Detection Algorithms.' 6th Annual Hawaii International Conference on System Sciences(HICSS), Hawaii, USA, 2003, pp. 108-114
3 Binglong Li, Qingxian Wang, Junyong Luo, et al. 'Classifying model of Document Fragments and the Research' of its Key Issue J. Journal of Harbin Institute of Technology, 2006, pp. 834-839
4 Andrew Rukhin, Juan Soto, James Nechvatal, Miles Smid, Elaine Barker, Stefan Leigh, Mark Levenson, Mark Vangel, David Banks, Alan Heckert, James Dray, San Vo 'A STATII STIICAL TEST SUIlTE FOR RANDOM AND PSEUDORANDOM NUMBER GENERATORS FOR CRYPTOGRAPHIIC APPLIICATIIONS', NIST Special Publication 800-22, (with revisions dated May 15, 2001)
5 Binglong Li, Qingxian Wang, and Junyong Luo, 'Forensic Analysis of Document fragment based on SVM', 2006 International Conference on Intelligent Information Hiding and Multimedia Signal Processing(IIH-MSP'06), pp.236-239
6 Oliver de Vel, 'Augmented sequence spectrum kernels for semi-structured document categorization', Proceedings of the Workshop on Text Mining and Link Analysis, 18th International Joint Conference on Artificial Intelligence (IJCAI), 2003, pp. 213-221
7 Louretta, Good Practice Guide for computer based Electronics Evidence version 3.0, Association of Chief Police Officers, 2003
8 한양대학교 자연과학연구소, 암호통신문 탐지기술 연구 및 S/W 개발, 한국 정보보호센터, 1999년 12월
9 www.guidancesoftware.com
10 D. Salomon, Data Compression - The Complete Reference - 4th edition, Spinger-Verlag, 2007
11 N. I. of Standards and Technology, Special publication 800-22: A Statistical Test Suite for Random and Pseudo-random Number Generators for Cryptographic Applications. http://scrc.nist.gov/rng /rng.pdf, 2000