Title :
Byteprints: a tool to gather digital evidence
Author :
Sitaraman, Sriranjani ; Krishnamurthy, Srinivasan ; Venkatesan, S.
Author_Institution :
Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
Abstract :
In this paper, we present techniques to recover useful information from disk drives that are used to store user data. The main idea is to use a logging mechanism to record the modifications to each disk block, and then employ fast algorithms to reconstruct the contents of a file (or a directory) as it existed sometime in the past. Such a consistent snapshot of a file may be used to determine whether a given file ever existed on disk, to undelete a file that was deleted long ago, or to obtain a timeline of activities on a file. This can also be used to validate that a file with given contents existed at some time in the past or to refute a claim that a file existed in a time interval. Information gathered using these consistent snapshots can be used as valuable digital evidence.
Keywords :
checkpointing; computational complexity; disc drives; file organisation; Byteprints; checkpointing; computational complexity; digital evidence; file reconstruction; information recovery; Checkpointing; Computer science; Cryptography; Digital forensics; Disk drives; File systems; Hard disks; Magnetic force microscopy; Magnetic memory; Operating systems;
Conference_Titel :
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN :
0-7695-2315-3
DOI :
10.1109/ITCC.2005.99
