Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.6.1397

Development of a Set of Data for Verifying Partition Recovery Tool and Evaluation of Recovery Tool  

Park, Songyee (Center for Information Security Technologies(CIST), Korea University)
Hur, Gimin (Center for Information Security Technologies(CIST), Korea University)
Lee, Sang-jin (Center for Information Security Technologies(CIST), Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.6, 2017 , pp. 1397-1404 More about this Journal
Abstract
When a digital forensic investigation is conducted on a damaged storage medium, recovery is performed using a recovery tool. But the result of each recovery tool is different depending on the tools. Therefore, it is necessary to identify and use the performance and limitations of the tool for accurate investigation. In this paper, we propose a scenario considering the disk recognition type such as MBR, GPT and the structural characteristics of FAT32 and NTFS filesystem to verify the performance of the partition recovery tool. And then We validate the existing tools with the data set built on the scenarios.
Keywords
Digital forensics; Data set; Digital forensics tool testing; Recovery tool;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 https://www.cftt.nist.gov/
2 http://dftt,sourceforge.net/
3 http://www.toptenreviews.com/software/backup-recovery/best-data-recoverysoftware/
4 Min-Seo Kim and Sang-jin Lee, "Development of Windows forensic tool for verifying a set of data," Journal of the Korea Institute of Information Security & Cryptology, Vol. 25, No. 6, pp. 1421-1433, Dec, 2015.   DOI
5 Jaeung Namgung, Ilyoung Hong, Jungheum Park and Sangjin Lee, "A research for partition recovery method in a forensic perspective," Journal of the Korea Institute of Information Security & Cryptology, Vol. 23, No. 4, pp. 655-666, Aug, 2013.   DOI
6 Guo, Yinghua, Jill Slay, and Jason Beckett. "Validation and verification of computer forensic software tools-Searching Function," Digital investigation, Vol. 6, pp. 12-22, Sep, 2009.   DOI
7 Beckett, Jason, and Jill Slay. "Digital forensics: Validation and verification in a dynamic work environment," System Sciences 2007 HICSS 2007 40th Annual Hawaii International Conference on IEEE, pp. 266-266, Jan, 2007.
8 Nikkel, Bruce J. "Forensic analysis of GPT disks and GUID partition tables." Digital Investigation, Vol. 6.1, pp. 39-47, Sep, 2009.   DOI