Digital Forensic Approach for File Recovery in Unix Systems Research of Data Recovery on Unix File System
Modern forensic-based investigations to analyze and extract data from digital devices are rapidly increasing due to the evolution of criminals with IT technologies and devices.A variety of data for investigations are usually volatile and the key evidence files are easily removed by criminal.Currently a large scale system like a cloud and big data solution are prevalent in our digital life.Thus we need to study about a large scale file system like UNIX in the aspect of digital forensics.Among the forensic technologies,one of the important issues is to recover deleted files in file system.In this paper,we analyze the structure of UFS,and suggest the deleted data recovery method of its metadata with novel techniques.We also present a case study to recover the deleted file from its metadata.
UFS Recovery Digital Forensics Metadata
WooYeon Jo Hyunsoo Chang Taeshik Shon
Department of Computer Engineering Ajou University Suwon,Republic of Korea
国际会议
重庆
英文
562-565
2016-03-20(万方平台首次上网日期,不代表论文的发表时间)