File Allocation Chronology and its Impact on Digital Forensics

Cited by: 1
Authors
Bahjat, Ahmed [1]
Jones, Jim [1]
Affiliations
[1] George Mason Univ, Volgenau Sch Engn, Fairfax, VA 22030 USA
Source
2023 IEEE 13TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE, CCWC | 2023
Keywords
forensic recovery; digital forensics; digital evidence; file slack; file fragment; event reconstruction; TIME;
DOI
10.1109/CCWC57344.2023.10099265
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Event construction and sequencing are integral to the digital investigation process to build a sound case and admissible evidence. When dealing with deleting files, forged files, or file fragments, an investigator might not be able to consider many key artifacts because of forged or missing timestamps. In this work, we are investigating the applicability of using neighboring files to infer a timestamp of a key artifact using a real data set of over a thousand hard drives focusing on FAT drives. We performed an empirical study using the Real Data Set to understand the adjacent files' chronology and present our findings in this research.
Pages: 612 / 618
Number of pages: 7