Abstract
File systems are important sources of intelligence information and digital evidence. They have long attracted the interest of researchers in recovering files that are deleted from a hard disk. Existing file recovery studies rely heavily on an operating system (OS). However, it is often encountered that OS services are not available, making existing file recovery approaches unusable. To address this issue, the authors design and implement an OS-independent file recovery algorithm named Golden Eye (GE) by targeting the EXT4 file system. Fed the raw image obtained from a (sanitized) hard disk, GE can automatically recover any designated file or even the whole EXT4 file system. GE is based on the understanding of the file disk layout of EXT4 and does not need any support from additional hardware or software. Experimental results prove the feasibility and correctness of GE. This work not only solves the OS dependency problem that most existing file recovery work suffers from but also reveals the fact that even sanitized hard disks are still at risk of leaking sensitive data.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
