http://dx.doi.org/10.7472/jksii.2020.21.3.93

Block based Smart Carving System for Forgery Analysis and Fragmented File Identification  

Lee, Hanseong (Div. of Computer Engineering, Hanshin University)
Lee, Hyung-Woo (Div. of Computer Engineering, Hanshin University)
Publication Information
Journal of Internet Computing and Services / v.21, no.3, 2020, pp. 93-102
Abstract
For data obtained through all stages of a digital crime investigation to be accepted as evidence, it must satisfy legal and technical requirements. In this paper, we propose a mechanism, and implement software, that provides digital forensic evidence by automatically recovering files: it scans and inspects the unallocated area of the storage disk at the block level without relying on information provided by the file system. The proposed technique examines the RAW disk data of the system under analysis in 512-byte block units, using information on the storage format and file structure of the various files stored on the disk rather than the file system information provided by the operating system. We implemented the file carving process and propose a smart carving mechanism that intelligently restores deleted or damaged files on the storage device. The result is a block based smart carving method that efficiently identifies fragmented and damaged files in storage, for forgery analysis in digital forensic investigations.
Keywords
File Carving; Smart Carving; File System; Block; Fragmentation; Forgery Analysis; Digital Forensics
Citations & Related Records
Times Cited By KSCI: 6