An approach for the validation of file recovery functions in digital forensics' software tools

Author First name, Last name, Institution

Sultan Al Sharif, Abu Dhabi Police
Mohamed Al Ali, International Petroleum Investment Company
Naser Salem, Abu Dhabi Police
Farkhund Iqbal, Zayed UniversityFollow
May El Barachi, Zayed University
Omar Alfandi, Zayed University

Document Type

Conference Proceeding

Source of Publication

2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops

Publication Date

1-1-2014

Abstract

Recovering lost and deleted information from computer storage media for the purpose of forensic investigation is one of the essential steps in digital forensics. There are several dozens of commercial and open source digital analysis tools dedicated for this purpose. The challenge is to identify the tool that best fits in a specific case of investigation. To measure the file recovering functionality, we have developed a validation approach for comparing five popular forensic tools: Encase, Recover my files, Recuva, Blade, and FTK. These tools were examined in a fixed scenario to show the differences and capabilities in recovering files after deletion, quick format and full format of a USB stick. Experimental results on selected commercial and open source tools demonstrate effectiveness of proposed approach. © 2014 IEEE.

DOI Link

10.1109/ntms.2014.6814005

Publisher

IEEE Computer Society

Last Page

6

Disciplines

Computer Sciences

Keywords

Carving, Deleted files, Digital forensics, File recovery, Forensic tools, Investigation

Scopus ID

84901419836

Recommended Citation

Al Sharif, Sultan; Al Ali, Mohamed; Salem, Naser; Iqbal, Farkhund; El Barachi, May; and Alfandi, Omar, "An approach for the validation of file recovery functions in digital forensics' software tools" (2014). All Works. 418.
https://zuscholars.zu.ac.ae/works/418

Indexed in Scopus

yes

Open Access

no