Title :
A Forensic Model on Deleted-File Verification for Securing Digital Evidence
Author :
Kim, Yong-Ho ; Kim, Kunam J.
Author_Institution :
Dept. of Ind. Security, Kyonggi Univ., Seoul, South Korea
Abstract :
The computer forensic technique that analyzes the file hidden in the computer or the file information of Windows has been widely used for the criminal check. However, these techniques had the different problems to be presented as the legal resources. The forensic viewpoint has 5 digital evidence principles such as legitimacy, identity, connectivity, speediness, integrity. This thesis is focused on the principle of connectivity. The principle of connectivity so far insisted the evidential connectivity of media, the Chain of Custody, but the research on the connectivity principle of file is not yet made. This thesis analyzed the cause of deleted file, and developed the best model. Also, it used the developed analysis technique to produce the respective model and the case for the precision of model, and applied the model to the case in order to experiment the precision detected. The detection model presented by this thesis will be the important judgmental data for the reliable evidence forensic.
Keywords :
computer forensics; computer forensic technique; deleted file analyses; developed analysis technique; file information; legal resources; media connectivity; Biometrics; Computer security; Data structures; Detection algorithms; Face recognition; Fingerprint recognition; Forensics; Forgery; Manufacturing; National security;
Conference_Titel :
Information Science and Applications (ICISA), 2010 International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-5941-4
Electronic_ISBN :
978-1-4244-5943-8
DOI :
10.1109/ICISA.2010.5480346
