Call for Paper

CAE solicits original research papers for the July 2021 Edition. Last date of manuscript submission is June 30, 2021.

Read More

Unconventional Method of Accessing Files – An Automated Generation of its Input

K. Srinivas, T. Venugopal. Published in Information Systems.

Communications on Applied Electronics
Year of Publication: 2017
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: K. Srinivas, T. Venugopal
10.5120/cae2017652714

K Srinivas and T Venugopal. Unconventional Method of Accessing Files – An Automated Generation of its Input. Communications on Applied Electronics 7(9):19-26, November 2017. BibTeX

@article{10.5120/cae2017652714,
	author = {K. Srinivas and T. Venugopal},
	title = {Unconventional Method of Accessing Files – An Automated Generation of its Input},
	journal = {Communications on Applied Electronics},
	issue_date = {November 2017},
	volume = {7},
	number = {9},
	month = {Nov},
	year = {2017},
	issn = {2394-4714},
	pages = {19-26},
	numpages = {8},
	url = {http://www.caeaccess.org/archives/volume7/number9/777-2017652714},
	doi = {10.5120/cae2017652714},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

File Carving is an unconventional method of accessing files from disk. It is a technique of reassembling unordered mixed file fragments, without using files’ metadata such as FAT, for reconstructing the actual files present on the disk. In the areas of data recovery and digital forensics this situation arises. A challenge file is an input file for testing a file carving tool during its development phase and it consists of a number of files, in the form of fragments, mixed in random order [1]. In this paper authors have presented a software system that generates a challenge file by implementing, at user level, a file system which broadly follows FAT file system. This software system uses a large size file to store file fragments just like a kernel level file system uses disk to store files. The designers of file carvers can use the challenge file conveniently as a virtual disk, in place of the actual disk, thus eliminating the need of a physical hard disk for testing their algorithms. The kernel level file system fragments the file, as per availability of free clusters, at the time of creation or modification of files. The user level file system, fragments the file, as per availability of free clusters, on the virtual disk i.e., the challenge file. This challenge file consists of mixed file fragments of a number of user files. There are a number of other benefits of this approach as outlined in this paper.

References

  1. https://www.dfrws.org
  2. Andreas Dewald, Sabine Seufert, “AFEIC: Advanced forensic Ext4 inode carving”,DFRWS 2017 Europe – Proceedings of the 4th Annual DFRWS Europe – Elsevier Journal - Digital Investigation 20 (2017) S83-S91
  3. Nasir Memon, Anandabrata Pal, “Automated Reassembly of File Fragmented Images Using GreedyAlgorithms”,IEEE Transactions onImage Processing, Volume 15,No.2, February,2006
  4. Anadabrata Pal, Nasir Memon, “The Evolution of File Carving: The benefits and problems of forensics recovery”,IEEE Signal Processing magazine Vol. 26. No 2. March 2009.
  5. Simson L. Garfinkel: Carving contiguous and fragmented files with fast object validation, ELSEVIER, Digital Investigation, 2007.
  6. Nadeem Alherbawi, Zarina Shukur and Rossilawati Sulaiman, “A Survey on Data Carving in Digital Forensics”,ISSN: 1682-3915 - Asian Journal of Information Technology 15 (24): 5137-5144, 2016.
  7. K. Srinivas, T. Venugopal: Design and Implementation of File Carving Algorithms in Computer Forensics , National Conference on Advances in Computing and Networking, Computer Society of India - JNTUH College of Engineering, Manthani, Karimnagar p81-87, December 2014.
  8. Kulesh Shanmugasundaram, Nasir Memon: Automatic Reassembly of Document Fragments via Context Based Statistical Models, ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference, IEEE Computer Society Washington, DC, USA.
  9. Xinyan Zha and Sartaj Sahni: Fast in-place file carving for digital forensics, Springer Link, 2011.

Keywords

User Level File System, Kernel Level File System, Virtual disk, Challenge file, Script File.