Abstract
With the rise in digital crimes nowadays, digital investigators are required to recover and analyse data from various digital resources. Since the files are often stored in fragments owing to memory constraints, the information of the file system and metadata of the file is required to recover the file. However, in cases where the file system is destroyed intentionally or unintentionally, and the metadata is deleted as well, the recovery of the digital evidence is done by a special method known as carving. In file carving, files are recovered solely based on the information about the structure and content of the individual file rather than matching the system’s information of the file. The process of file carving in digital forensics first requires classifying and then arranging the blocks of data that are typically stored as a sequence of bytes in memory. But carving is only possible when the file is not damaged or corrupted otherwise carving is not possible. The aim of this research is to analyse various Windows OS’s file carving techniques used in Digital Forensics particularly for their strengths and weaknesses. This analysis leads to the need of explicitly designed file carvers for different types of files. A novel technique for carving Microsoft’s Word files (a compound format file which is least researched upon) has also been proposed in the document.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.