An Analysis of Disc Carving Techniques

Abstract

Disc carving is an essential element of computer forensic analysis. However, the high cost of commercial solutions, coupled with the lack of open source tools for disc analysis, has become a hindrance to those performing analysis on UNIX computers. In addition, even expensive commercial products offer only a fairly limited ability to "carve" for various files. In this thesis, an open source tool known as Foremost is modified to address the need for such a carving tool in a UNIX environment. An implementation of various heuristics for recognizing file formats will be demonstrated, as well as the ability to provide some file system specific support. As a result of these implementations, a revision of Foremost will be made available as an open source tool to aid analysts in their forensic investigations.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 2005
Accession Number: ADA432468

Entities

People

  • Nicholas Mikus

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Advanced Electronics
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Application Software
  • Availability
  • Computational Forensics
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Criminal Investigations
  • Detection
  • Digital Audio
  • Digital Cameras
  • Forensic Analysis
  • Operating Systems
  • Spreadsheet Software
  • Standards
  • Word Processors

Readers

  • Cybersecurity
  • Software Engineering
  • Systems Analysis and Design