A Novel Inequality-Based Fragmented File Carving Technique

Fragmented File carving is an important technique in Digital Forensics to recover files from their fragments in the absence of the file system allocation information. In this paper, the fragmented file carving problem is formulated as a graph theoretic problem. Using this model, we describe two algorithms, “Best Path Search” and “High Fragmentation Path Search”, to perform file reconstruction and recovery. The best path search algorithm is a deterministic technique to recover the best file construction path. We show that this technique is more efficient and accurate than existing brute force techniques. In addition, a test was carried out to recover 10 files scattered into their fragments. The best path search algorithm was able to successful recover all of them back to their original state. The high fragmentation path search technique involves a trade-off between the final score of the constructed path of the file and the file recovery time to allow a faster recovery process for highly fragmented files. Analysis show that the accurate eliminations of paths have an accuracy of up to greater than 85%.

[1]  Simson L. Garfinkel,et al.  Carving contiguous and fragmented files with fast object validation , 2007, Digit. Investig..

[2]  Michael I. Cohen,et al.  Advanced JPEG carving , 2008, e-Forensics '08.

[3]  Jorge Stolfi,et al.  A Multiscale Method for the Reassembly of Two-Dimensional Fragmented Objects , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  Nasir Memon,et al.  Automatic Reassembly of Document Fragments via Data Compression , 2002 .

[5]  Nasir D. Memon,et al.  Automated reassembly of file fragmented images using greedy algorithms , 2006, IEEE Transactions on Image Processing.

[6]  Husrev T. Sencar,et al.  Detecting file fragmentation point using sequential hypothesis testing , 2008, Digit. Investig..

[7]  W. Stemmer DNA shuffling by random fragmentation and reassembly: in vitro recombination for molecular evolution. , 1994, Proceedings of the National Academy of Sciences of the United States of America.

[8]  R. Sablatnig,et al.  On Finding Archaeological Fragment Assemblies Using a Bottom-Up Design , 2001 .

[9]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[10]  Martin Kampel,et al.  Classification of archaeological fragments using profile primitives , 2001 .

[11]  Michael I. Cohen Advanced carving techniques , 2007, Digit. Investig..

[12]  Nasir D. Memon,et al.  Automated reassembly of fragmented images , 2003, 2003 International Conference on Multimedia and Expo. ICME '03. Proceedings (Cat. No.03TH8698).

[13]  Nasir D. Memon,et al.  Automatic reassembly of document fragments via context based statistical models , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[14]  S. A. Martucci,et al.  Reversible compression of HDTV images using median adaptive prediction and arithmetic coding , 1990, IEEE International Symposium on Circuits and Systems.