Research Article
A Strategy for Testing Metadata Based Deleted File Recovery Tools
@INPROCEEDINGS{10.1007/978-3-642-35515-8_9,
  author={James Lyle},
  title={A Strategy for Testing Metadata Based Deleted File Recovery Tools},
  proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
  proceedings_a={ICDF2C},
  year={2012},
  month={12},
  keywords={Digital forensics tool testing deleted file recovery},
  doi={10.1007/978-3-642-35515-8_9}
}
- James Lyle
Year: 2012
ICDF2C
Springer
DOI: 10.1007/978-3-642-35515-8_9
Abstract
Deleted file recovery tools use residual metadata left behind after files are deleted to reconstruct deleted files. File systems use metadata to keep track of the location of user files, time stamps of file activity, file ownership and file access permissions. When a file is deleted, many file systems do not actually remove the file content, but mark the file blocks as available for reuse by future file allocations. This paper describes a strategy for testing forensic tools that recover deleted files from the residual metadata that can be found after a file has been deleted.