DocumentCode
434537
Title
Byteprints: a tool to gather digital evidence
Author
Sitaraman, Sriranjani ; Krishnamurthy, Srinivasan ; Venkatesan, S.
Author_Institution
Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
Volume
1
fYear
2005
fDate
4-6 April 2005
Firstpage
715
Abstract
In this paper, we present techniques to recover useful information from disk drives that are used to store user data. The main idea is to use a logging mechanism to record the modifications to each disk block, and then employ fast algorithms to reconstruct the contents of a file (or a directory) as it existed sometime in the past. Such a consistent snapshot of a file may be used to determine whether a given file ever existed on disk, to undelete a file that was deleted long ago, or to obtain a timeline of activities on a file. This can also be used to validate that a file with given contents existed at some time in the past or to refute a claim that a file existed in a time interval. Information gathered using these consistent snapshots can be used as valuable digital evidence.
Keywords
checkpointing; computational complexity; disc drives; file organisation; Byteprints; checkpointing; computational complexity; digital evidence; file reconstruction; information recovery; Checkpointing; Computer science; Cryptography; Digital forensics; Disk drives; File systems; Hard disks; Magnetic force microscopy; Magnetic memory; Operating systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN
0-7695-2315-3
Type
conf
DOI
10.1109/ITCC.2005.99
Filename
1428548
Link To Document