An Approach for the Validation of File Recovery Functions in Digital Forensics´ Software Tools

Author

Al Sharif, Samir ; Al Ali, Mohamed ; Salem, Naser ; Iqbal, Farkhund ; El Barachi, M. ; Alfandi, Omar

Author_Institution

Abu Dhabi Police, Abu Dhabi, United Arab Emirates

fYear

2014

fDate

March 30 2014-April 2 2014

Firstpage

1

Lastpage

6

Abstract

Recovering lost and deleted information from computer storage media for the purpose of forensic investigation is one of the essential steps in digital forensics. There are several dozens of commercial and open source digital analysis tools dedicated for this purpose. The challenge is to identify the tool that best fits in a specific case of investigation. To measure the file recovering functionality, we have developed a validation approach for comparing five popular forensic tools: Encase, Recover my files, Recuva, Blade, and FTK. These tools were examined in a fixed scenario to show the differences and capabilities in recovering files after deletion, quick format and full format of a USB stick. Experimental results on selected commercial and open source tools demonstrate effectiveness of proposed approach.

Keywords

digital forensics; file organisation; Blade; Encase; FTK; Recover my files; Recuva; USB stick; computer storage media; digital forensics software tool; file recovery function; forensic tools; open source digital analysis tool; Blades; Computers; Digital forensics; Media; Recycling; Universal Serial Bus;

fLanguage

English

Publisher

ieee

Conference_Titel

New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on

Conference_Location

Dubai

Type

conf

DOI

10.1109/NTMS.2014.6814005

Filename

6814005