Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.4.655

A research for partition recovery method in a forensic perspective  

Namgung, Jaeung (Center for Information Security Technologies(CIST), Korea University)
Hong, Ilyoung (Center for Information Security Technologies(CIST), Korea University)
Park, Jungheum (Center for Information Security Technologies(CIST), Korea University)
Lee, Sangjin (Center for Information Security Technologies(CIST), Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.4, 2013 , pp. 655-666 More about this Journal
Abstract
As the capacity of storage devices becomes larger, most users divide them into several logical partitions for convenience of storing and controlling data. Therefore, recovering partitions stably which are artificially hidden or damaged is the most important issue in the perspective of digital forensic. This research suggests partition recovery algorithm that makes stable and effective analysis using characteristics of each file system. This algorithm is available when partition is not distinguishable due to concealment of partition or damage in partition area.
Keywords
Digital Forensics; Partition recovery; Master boot record; Volume boot record; Super block; Boot record;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Master boot record, http://en.wikipedia.org/wiki/Master_boot_record.
2 Volume boot record, http://en.wikipedia.org/wiki/Volume_Boot_Record.
3 Kevin D. Fairbanks, "An analysis of EXT4 for digital forensics," Digital Investigation, vol. 9, pp. 118-130, Aug. 2012.   DOI
4 EaseUS, http://www.easeus.com/partition-recovery.
5 TestDisk, http://www.cgsecurity.org/wiki/TestDisk.
6 Guidance Software homepage, http://www.guidancesoftware.com.
7 Brian Carrier, "File System Forensic Analysis," Addison-Wesley Professional, 22 March 2005.