• DocumentCode
    434537
  • Title

    Byteprints: a tool to gather digital evidence

  • Author

    Sitaraman, Sriranjani ; Krishnamurthy, Srinivasan ; Venkatesan, S.

  • Author_Institution
    Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
  • Volume
    1
  • fYear
    2005
  • fDate
    4-6 April 2005
  • Firstpage
    715
  • Abstract
    In this paper, we present techniques to recover useful information from disk drives that are used to store user data. The main idea is to use a logging mechanism to record the modifications to each disk block, and then employ fast algorithms to reconstruct the contents of a file (or a directory) as it existed sometime in the past. Such a consistent snapshot of a file may be used to determine whether a given file ever existed on disk, to undelete a file that was deleted long ago, or to obtain a timeline of activities on a file. This can also be used to validate that a file with given contents existed at some time in the past or to refute a claim that a file existed in a time interval. Information gathered using these consistent snapshots can be used as valuable digital evidence.
  • Keywords
    checkpointing; computational complexity; disc drives; file organisation; Byteprints; checkpointing; computational complexity; digital evidence; file reconstruction; information recovery; Checkpointing; Computer science; Cryptography; Digital forensics; Disk drives; File systems; Hard disks; Magnetic force microscopy; Magnetic memory; Operating systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
  • Print_ISBN
    0-7695-2315-3
  • Type

    conf

  • DOI
    10.1109/ITCC.2005.99
  • Filename
    1428548
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=434537