A metadata-based method for recovering files and file traces from YAFFS2

Ming Xu,Xue Yang,Beibei Wu,Jun Yao,Haiping Zhang,Jian Xu,Ning Zheng

doi:10.1016/j.diin.2013.02.006

A metadata-based method for recovering files and file traces from YAFFS2

Ming Xu, Xue Yang + Show 5 more

https://doi.org/10.1016/j.diin.2013.02.006

Copy DOI

Journal: Digital Investigation	Publication Date: Mar 26, 2013
Citations: 14

Affiliation: Hangzhou Dianzi University

#File Traces #Logical Aspect + Show 8 more

Abstract
Full-Text
Similar Papers

Abstract

Nowadays, flash memory has drawn much attention of digital investigators, however most of them try to recover the content from logical aspect and few of them pay attention to how those files were created or modified. The deleted and edited contents of a file on the flash chips are commonly related to user behaviors which can be used as digital evidence. In this paper, a method using YAFFS2 metadata to recover files, reconstruct file system, and recover their previous history versions is proposed. The experimental results under Linux operating system show that the proposed method can correctly reconstruct file system, recover file and file traces from YAFFS2; and experiments conducted on physical images of Android phones show that our method can be applied to real scenarios.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title

Journal

Date

Author

View more papers

More From: Digital Investigation

Paper Title

Journal

Date

Author

View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.