An Investigation on File Carving Tool Methodologies Using Scenario Based Image Creation

Hepi Suthar; Priyanka Sharma

doi:10.17485/IJST/v17i3.808

Article

An Investigation on File Carving Tool Methodologies Using Scenario Based Image Creation

VIEWS 374
PDF 83

Indian Journal of Science and Technology

DOI: 10.17485/IJST/v17i3.808

Year: 2024, Volume: 17, Issue: 3, Pages: 215-227

Original Article

An Investigation on File Carving Tool Methodologies Using Scenario Based Image Creation

Hepi Suthar^1*, Priyanka Sharma¹

¹AI & Cyber Security Department, School of Information Technology, Rashtriya Raksha University, Gandhinagar, Gujarat, India

*Corresponding Author
Email: [email protected]

Received Date:07 April 2023, Accepted Date:19 December 2023, Published Date:12 January 2024

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

Objectives: The objective of this study is to develop and validate carving techniques and tools for recovering fragmented files in digital forensics, using various data sets (Data recovery done from various SSD for investigation environment) to verify effectiveness and contribute to the advancement of the field. Methods: The research method used in this study involves the development and validation of carving techniques and tools that can effectively retrieve data from fragmented files. The study uses various data with the use of scenario based from different research organizations to verify the effectiveness of the developed carving techniques and tools. Here this study based on foremost tool, the study also creates 16 pictures for tool verification depending on situations and uses a well-known commercial carving tool, Foremost, to demonstrate the developed image carving pace and precision of each media. The research method is focused on functional verification and creating solutions for digital forensics. Findings: The research findings of this study indicate that the data recovery (from solid state drive) of fragmented files is a significant challenge for file carving (Tools - Scalpel, Bulk Extractor, Foremost, and Photorec) in digital forensics. The study highlights the need for developing and validating carving techniques and tools that can effectively retrieve data from fragmented files. The data sets (Data recovery done from various SSD for investigation environment) from different research organizations were used to verify the effectiveness of the developed carving techniques and tools. The study creates 16 pictures for tool verification depending on situations and uses Foremost (Forensic Tool), a well-known commercial carving tool, to demonstrate the developed image carving pace and precision of each media. The study also found that various carving techniques and tools are constantly being created to get around these restrictions. However, the current data sets (Data recovery done from various SSD for investigation environment) are less useful for validating tools due to their constrained environmental circumstances. Therefore, the study recommends the use of more realistic data sets (Data recovery done from various SSD for investigation environment) to validate carving techniques and tools. Overall, the study's findings contribute to the advancement of digital forensics by providing a more efficient and reliable solution for recovering data from fragmented files. The study's results can be used to improve the accuracy and effectiveness of file carving techniques and tools, thus enhancing digital forensic investigations. Novelty: The novelty of this research lies in developing and validating carving techniques and tools for effectively retrieving data from fragmented files in digital forensics. Like various scenario tested with forensic tools likes Scalpel, Bulk Extractor, Foremost, and Photorec. And tested based on various file signature (document, audio, video, email, and archive). Here file carving technique major with this linearly stored file carving performance, deleted files, file carving performance stored non-linearly, non-linearly, Master Boot Recorder, GUID Partition Table, Hard Disk Drive, and Solid State Drive.

Keywords: SSD, Digital Forensics, File Carving, HDD, Data Recovery

References

Alherbawi N, Shukur Z, Sulaiman R. Systematic Literature Review on Data Carving in Digital Forensic. Procedia Technology. 2013;11:86–92. Available from: https://doi.org/10.1016/j.protcy.2013.12.165
Forensic Images for File Carving. Nist.gov. Available from: https://cfreds-archive.nist.gov/FileCarving/TestFiles/index.html (accessed 2023-11-23)
Digital (Computer) Forensics Tool Testing Images. Sourceforge.net. Available from: https://dftt.sourceforge.net/ (accessed 2023-11-23)
Disk images - digital corpora. Digitalcorpora.org. Available from: https://digitalcorpora.org/corpora/disk-images/ (accessed 2023-11-23)
Casey E. Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet (3). (pp. 1-26) Academic Press. 2019.
Basic Data Carving Test #1. Sourceforge.net. Available from: https://dftt.sourceforge.net/test11/index.html (accessed 2022-12-22)
Hadi HJ, Musthaq N, Khan IU. SSD Forensic: Evidence Generation and Forensic Research on Solid State Drives Using Trim Analysis. In: 2021 International Conference on Cyber Warfare and Security (ICCWS). (pp. 51-56) IEEE. 2022.
Kim H, Kim J, Kwon T. A study of verification methods for File Carving tools by scenario-based image creation. Journal of the Korea Institute of In-formation Security and Cryptology. 2019;29(4):835–845. Available from: https://doi.org/10.13089/JKIISC.2019.29.4.835
Suthar H, Sharma P. An Approach to Data Recovery from Solid State Drive: Cyber Forensics. In: Advancements in Cybercrime Investigation and Digital Forensics (1). (pp. 1-20) Apple Academic Press. 2023.
Et MH. Comparative Analysis Study on SSD, HDD, and SSHD. Turkish Journal of Computer and Mathematics Education (TURCOMAT). 2021;12(3):3635–3641. Available from: https://turcomat.org/index.php/turkbilmat/article/view/1644
Suthar H, Sharma P. Guaranteed Data Destruction Strategies and Drive Sanitization: SSD. Research Square. 2022;p. 1–15. Available from: https://assets.researchsquare.com/files/rs-1896935/v1/75292483-17ad-40b7-ad59-9b14557e6236.pdf?c=1660541356
Suthar H, Sharma P. Method for Extracting Data from an Overprovisioned SSD. In: 2022 IEEE Pune Section International Conference (PuneCon). (pp. 1-6) IEEE. 2023.
Afifi M. State-of-the-Art Tools and Techniques in Digital Forensics. In: Advances in Digital Forensics XV . (pp. 29-43) Springer. 2019.
Javed AR, Ahmed W, Alazab M, Jalil Z, Kifayat K, Gadekallu TR. A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions. IEEE Access. 2022;10:11065–11089. Available from: https://doi.org/10.1109/ACCESS.2022.3142508
Ali RR, Mohamad KM. RX_myKarve carving framework for reassembling complex fragmentations of JPEG images. Journal of King Saud University - Computer and Information Sciences. 2021;33(1):21–32. Available from: https://doi.org/10.1016/j.jksuci.2018.12.007
Suthar H, Sharma P. SSD Forensic Investigation Using Open Source Tool. In: Examining Multimedia Forensics and Content Integrity. (pp. 56-78) IGI Global. 2023.
Suthar H, Sharma P. A Technique for decreasing the SSD’s Garbage Collection overhead using ML techniques. International Conference on Science, Engineering and Technology (ICSET 2022). 2023;p. 51–58. Available from: https://soe.rku.ac.in/conferences/data/06_9738_ICSET%202022.pdf
Oh J, Lee S, Hwang H. Forensic Recovery of File System Metadata for Digital Forensic Investigation. IEEE Access. 2022;10:111591–111606. Available from: https://doi.org/10.1109/ACCESS.2022.3213030

Copyright

© 2024 Suthar & Sharma. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Published By Indian Society for Education and Environment (iSee)