Using Open Source Forensic Carving Tools on Split DD and EWF Files

Gareth Palmieri; Shahrzad Zargari

doi:10.1109/iThings-GreenCom-CPSCom-SmartData.2017.183

2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)

Using Open Source Forensic Carving Tools on Split DD and EWF Files

Year: 2017, Pages: 379-383

DOI Bookmark: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.183

Authors

Gareth Palmieri
Shahrzad Zargari

Abstract

This study tests a number of open source forensic carving tools to determine their viability when run across split raw forensic images (dd) and Expert Witness Compression Format (EWF) images. This is done by carving files from a raw dd file to determine the baseline before running each tool over the different image types and analysing the results. A framework is then written in python to allow Scalpel to be run across any split dd image, whilst simultaneously concatenating the carved files and sorting by file type. This study tests the framework on a number of scenarios and concludes that this is an effective method of carving files using Scalpel over split dd images.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

A New Technique for File Carving on Hadoop Ecosystem
2017 International Conference on New Trends in Computing Sciences (ICTCS)
Carving the Windows Registry Files Based on the Internal Structure
Information Science and Engineering, International Conference on
A New Approach to Multimedia Files Carving
2014 IEEE International Conference on Bioinformatics and Bioengineering (BIBE)
Validation Algorithms Based on Content Characters and Internal Structure: The PDF File Carving Method
2008 International Symposium on Information Science and Engieering
Roadmap to Approaches for Carving of Fragmented Multimedia Files
2011 Sixth International Conference on Availability, Reliability and Security
Reviewing and Evaluating Existing File Carving Techniques for JPEG Files
2016 Cybersecurity and Cyberforensics Conference (CCC)
New XML-Based Files Implications for Forensics
IEEE Security & Privacy
MTN: Forensic Analysis of MP4 Video Files Using Graph Neural Networks
2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)
Development of a Prototype Program for Separating Overlapping Images Files
2023 8th International Conference on Computational Intelligence and Applications (ICCIA)
Characterizing the Limitations of Forensic Event Reconstruction Based on Log Files
2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)

Using Open Source Forensic Carving Tools on Split DD and EWF Files

Authors

Abstract

Related Articles