http://dx.doi.org/10.13089/JKIISC.2016.26.2.387

Study on Recovery Techniques for the Deleted or Damaged Event Log(EVTX) Files  

Shin, Yonghak (Dept. of Financial Information Security, Kookmin University)
Cheon, Junyoung (HM Consultings)
Kim, Jongsung (Dept. of Financial Information Security, Kookmin University)
Abstract
As the number of people using digital devices has increased, digital forensics, which aims at finding clues to crimes in digital data, has developed and become more important, especially in court. Alongside the development of digital forensics, anti-forensics, which aims at thwarting digital forensic investigation, has also developed. As an example, with anti-forensic techniques a criminal can delete digital evidence, without which the investigator will find it hard to uncover any clue to the crime. In such a case, recovery techniques for deleted or damaged information become very important in the field of digital forensics. Until now, EVTX (event log)-based recovery techniques for deleted files have been presented, but there has been no study on retrieving the event log data itself. In this paper, we propose recovery algorithms for deleted or damaged event log files and show through experiments that they have a high success rate.
Keywords
Digital Forensics; EVTX (Event Log); Carving; Chunk; Event Record; Recovery Techniques
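Added example, not the authors' algorithms (the abstract does not detail them): a minimal signature-based carver for the two units the keywords name, EVTX chunks and event records. It locates "ElfChnk" chunk headers anywhere in a raw byte buffer (so it works on unallocated space or a truncated file, where chunks need not be 64 KiB-aligned), verifies the header CRC32 and the record-area CRC32, parses records sequentially when both check out, and falls back to per-record signature scanning with size-field validation when the record area is damaged. Layout offsets and checksum coverage follow the public EVTX format description (Schuster, DFRWS 2007; the libevtx documentation). The sample buffer, record identifiers, timestamp and payloads are constructed here and are not real log data; the binary XML body of each record is returned raw, not decoded.

```python
"""Signature-based carving of EVTX chunks and event records from a raw buffer.
Layout constants follow the public EVTX format description (Schuster, DFRWS
2007; libevtx documentation). The sample at the bottom is constructed for this
example and is not a real event log."""
import struct
import zlib
from datetime import datetime, timedelta

CHUNK_SIG = b"ElfChnk\x00"
RECORD_SIG = b"\x2a\x2a\x00\x00"   # 0x00002a2a little-endian, i.e. "**\0\0"
CHUNK_SIZE = 0x10000               # every chunk is 64 KiB
CHUNK_HDR = 512                    # records start after the 512-byte chunk header
REC_HDR = 24                       # sig(4) size(4) record id(8) FILETIME(8)

def filetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01) -> datetime."""
    return datetime(1601, 1, 1) + timedelta(microseconds=ft // 10)

def parse_record(buf, off, limit):
    """Validate one record at buf[off:]; return (rec_id, time, body, size) or None."""
    if off + REC_HDR > limit or buf[off:off + 4] != RECORD_SIG:
        return None
    size, rec_id, ft = struct.unpack_from("<IQQ", buf, off + 4)
    # Size must cover header + trailing size copy, stay inside the region and be
    # 8-byte aligned; the copy of the size at the end must agree with the header.
    if size < REC_HDR + 4 or size % 8 or off + size > limit:
        return None
    if struct.unpack_from("<I", buf, off + size - 4)[0] != size:
        return None
    return rec_id, filetime(ft), bytes(buf[off + REC_HDR:off + size - 4]), size

def carve_records(buf, start, end):
    """Recover records from a region whose chunk bookkeeping cannot be trusted:
    any byte may start a record, so scan for the signature and validate each hit."""
    out, off = [], start
    while (off := buf.find(RECORD_SIG, off, end)) >= 0:
        rec = parse_record(buf, off, end)
        if rec:
            out.append(rec[:3])
            off += rec[3]
        else:
            off += 1            # false positive or clobbered record: keep scanning
    return out

def carve_chunks(buf):
    """Find every ElfChnk header, check its CRCs, and recover its records."""
    results, pos = [], 0
    while (pos := buf.find(CHUNK_SIG, pos)) >= 0 and pos + CHUNK_HDR <= len(buf):
        hdr = buf[pos:pos + CHUNK_HDR]
        first_id, last_id, hdr_size, _last_off, free_off, rec_crc = struct.unpack_from("<QQIIII", hdr, 24)
        hdr_crc = struct.unpack_from("<I", hdr, 124)[0]
        # Header CRC32 covers bytes 0..120 and 128..512 (skips flags and the CRC itself).
        header_ok = (hdr_size == 128 and CHUNK_HDR <= free_off <= CHUNK_SIZE
                     and zlib.crc32(hdr[:120] + hdr[128:]) == hdr_crc)
        end = min(len(buf), pos + (free_off if header_ok else CHUNK_SIZE))
        # Records CRC32 covers the record area from the header to the free-space offset.
        data_ok = header_ok and zlib.crc32(buf[pos + CHUNK_HDR:end]) == rec_crc
        if data_ok:
            recs, off, status = [], pos + CHUNK_HDR, "intact"
            while off < end and (r := parse_record(buf, off, end)):
                recs.append(r[:3])
                off += r[3]
        else:
            recs, status = carve_records(buf, pos + CHUNK_HDR, end), "damaged"
        results.append({"offset": pos, "status": status, "first_id": first_id,
                        "last_id": last_id, "records": recs})
        pos += CHUNK_HDR
    return results

# --- constructed sample input (not a real log) -------------------------------
def build_record(rec_id, ft, payload):
    body = payload + b"\x00" * (-(REC_HDR + len(payload) + 4) % 8)   # pad to 8 bytes
    size = REC_HDR + len(body) + 4
    return struct.pack("<4sIQQ", RECORD_SIG, size, rec_id, ft) + body + struct.pack("<I", size)

def build_chunk(records, first_id):
    data = b"".join(records)
    free_off = CHUNK_HDR + len(data)
    hdr = bytearray(CHUNK_HDR)
    last = first_id + len(records) - 1
    struct.pack_into("<8sQQQQIIII", hdr, 0, CHUNK_SIG, first_id, last, first_id, last,
                     128, free_off - len(records[-1]), free_off, zlib.crc32(data))
    struct.pack_into("<I", hdr, 124, zlib.crc32(bytes(hdr[:120]) + bytes(hdr[128:])))
    return bytes(hdr) + data + b"\x00" * (CHUNK_SIZE - free_off)

T0 = 131000000000000000            # assumed FILETIME, 2016-02-15
PAYLOADS = [b"<constructed binxml record %d/>" % i for i in range(3)]
intact = build_chunk([build_record(1000 + i, T0 + i * 10_000_000, p)
                      for i, p in enumerate(PAYLOADS)], 1000)
damaged = bytearray(build_chunk([build_record(2000 + i, T0, p)
                                 for i, p in enumerate(PAYLOADS)], 2000))
damaged[CHUNK_HDR:CHUNK_HDR + 16] = b"\x00" * 16   # clobber the first record's header
SAMPLE = b"\x00" * 37 + intact + b"junk" * 100 + bytes(damaged)

if __name__ == "__main__":
    for chunk in carve_chunks(SAMPLE):
        print(f"chunk @{chunk['offset']:#x} {chunk['status']}: "
              f"{[(rid, t.isoformat()) for rid, t, _ in chunk['records']]}")
```

On the constructed buffer the first chunk passes both CRCs and yields all three records; the second has its first record header overwritten, so the record-area CRC fails and the fallback scan still recovers the two surviving records. The chunk header's first and last record identifiers tell the examiner how many records the chunk held, which is how the gap (2000 missing between 2000 and 2002) is noticed; the trailing size copy is what rejects "**" bytes that merely happen to occur inside other data.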