Methods for Creating Realistic Disk Images for Forensics Tool Testing and Education

Abstract

Both the testing of computer storage forensics tools and education in conducting computer forensics require reference drive images with known characteristics. Without a known ground truth, it is not possible to fully verify whether a tool or a student's analytical technique captures the important data residing on the drive. Due to privacy concerns, existing corpora of drive images from real users cannot be used, so we must construct drive images that do not contain any privacy-related information. This paper discusses methods to generate drive images constructively and the concerns that must be taken into account to ensure they are realistic, reflecting not only the particular testing scenario desired, but also appropriate "background noise". Further, we discuss competing methods to accomplish this and propose a means of automating the entire process.

Document Details

Document Type: Technical Report
Publication Date: Mar 17, 2009
Accession Number: ADA496275

Entities

People

  • Loren E. Peitso
  • Simson Garfinkel

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Background Noise
  • Basic Programming Language
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Department Of Defense
  • Education
  • Governments
  • Hidden Markov Models
  • Language
  • Linguistics
  • Network Computing
  • Operating Systems
  • Simulators
  • Software Agents
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Computer Vision
  • Cybersecurity
  • Systems Analysis and Design