Abstract
In a world where data is deleted every millisecond, whether on purpose or unintentionally, the question is whether deleted digital files still exist or if they are simply invisible to us on digital devices. Over the years, researchers have answered the question, but the rapid development of technologies and software makes the topic relevant. The global pandemic (coronavirus disease 2019) affected the physical and cyber worlds. Cyber attacks and data breaches have increased by over 400%. During these attacks, data is frequently deleted, mismanaged, or overwritten, making it difficult for users and digital investigators to recover and trace. Commercial tools that analyze deleted files are often expensive, and the unknown factor of free tools has always been a concern. In this paper, we evaluated two digital forensics tools, Magnet AXIOM, a commercial tool, and Autopsy, a free digital forensics tool, to partially bridge the gap for this era. We also used a differential analysis approach to investigate the persistence of deleted files. Moreover, for the best evaluation of the tools, we created files of various types and activities that mimic the daily usage of an average user on a Windows 11 operating system. The activities are divided into phases based on the processes that will most likely overwrite the deleted files. We also discussed the findings of these phases and presented the recommendations and challenges faced during the research process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Riley, T.: The cybersecurity 202: Cybercrime skyrocketed as workplaces went virtual in 2020, new report finds, February 2021 (2021)
Brooks, C.: Alarming cybersecurity stats: what you need to know for 2021. Forbes, March 2021 (2021)
Staff, D.: Data breach costs: calculating the losses for security and it pros, February 2021 (2021)
Gill, M.: 10 shocking data loss and disaster recovery statistics, August 2021 (2021)
Nabity, P., Brett, L.: Recovering deleted and wiped files: a digital forensic comparison of FAT32 and NTFS file systems using evidence eliminator, no. 2007, pp. 1–10 (2009)
Lazaridis, I., Arampatzis, T., Pouros, S.: Evaluation of digital forensics tools on data recovery and analysis. In: The Third International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2016), p. 67 (2016)
Buchanan-Wollaston, J., Storer, T., Glisson, W.: Comparison of the Data Recovery Function of Forensic Tools, pp. 331–347 (2017). To cite this version: HAL Id: hal-01460614
Microsoft by the numbers windows devices. https://news.microsoft.com/bythenumbers/en/windowsdevices. Accessed Oct 2021
Alsop, T.: Shipments of hard and solid state disk (HDD/SSD) drives worldwide from 2015 to 2021, March 2020 (2020)
Magnet forensics. https://support.magnetforensics.com/s/. Accessed Oct 2021
Another set of amazing wins at the 2021 forensic 4:cast awards! Magnet Forensics Blog (2021)
Autopsy. https://www.autopsy.com/. Accessed Oct 2021
Jones, J.H., Khan, T.M.: A method and implementation for the empirical study of deleted file persistence in digital devices and media. In: 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1–7 (2017)
Khan, T.M.: Identifying factors affecting deleted file persistence through empirical study and analysis. Ph.D. thesis. George Mason University (2017)
AllisonShen. security_mft (2021). https://github.com/
Aggarwal, K., Garg, S.K.: Computer forensics: data recovery perspective over Windows and Unix, vol. 6, no. 8, pp. 6–8 (2021)
Duan, R., Zhang, X.: Research on computer forensics technology based on data recovery. J. Phys.: Conf. Ser. 1648(3), 032025 (2020)
Cankaya, E.C., Kupka, B.: A survey of digital forensics tools for database extraction. In: FTC 2016 - Proceedings of Future Technologies Conference, December, pp. 1014–1019 (2017)
Al-Sabaawi, A., Foo, E.: A comparison study of Android mobile forensics for retrieving files system. Ernest Foo Int. J. Comput. Sci. Secur. (IJCSS) 13, 2019–148 (2019)
Ultimate boot CD [software]. https://www.ultimatebootcd.com/. Accessed Oct 2021
DBAN, hard drive eraser & data clearing utility. [software]. DBAN Hard Drive Eraser & Data Clearing Utility. https://dban.org/. Accessed Oct 2021
Robertson, A.: [Software], September 2018. https://gist.github.com/alirobe/7f3b34ad89a159e6daa1file-reclaimwindows10-ps1. Accessed Oct 2021
Ftk imager. [software]. https://accessdata.com/. Accessed Oct 2021
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix - Hash Values of the Created Files
Appendix - Microsoft Edge Browsing History
The items below are listed in the chronological order by browsing activity. The format follows Title | Time (UTC+0) | URL.
-
1.
YouTube | 11/21/2021 17:15 | http://www.youtube.com/
-
2.
YouTube | 11/21/2021 17:16 | https://www.youtube.com/
-
3.
60 min timer - YouTube | 11/21/2021 17:16 | https://www.youtube.com/results?search_query=60+minute+timer
-
4.
60 min video - YouTube | 11/21/2021 17:16 | https://www.youtube.com/results?search_query=60+minute+video
-
5.
AUTUMN 60 min TIMER, no music #60minutetimer - YouTube | 11/21/2021 17:16 | https://www.youtube.com/watch?v=QRjSongCKkM
-
6.
stocks - Bing | 11/21/2021 17:16 | https://www.bing.com/search?q=stocks &cvid=86ab3c620a934928aa8e1e67a2efb5a3 &aqs=edge.0.0l9.2100j0j1 &pglt=2083 &FORM=ANNTA1 &PC=U531
-
7.
Google | 11/21/2021 17:17 | https://www.google.com/
- 8.
-
9.
Google News | 11/21/2021 17:18 | https://news.google.com/
-
10.
Google News | 11/21/2021 17:18 | https://news.google.com/topstories?hl=en-US &gl=US &ceid=US:en
-
11.
Google News - Technology - Latest | 11/21/2021 17:18 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRGRqTVhZU0FtVnVHZ0pWVXlnQVAB?hl=en-US &gl=US &ceid=US%3Aen
-
12.
Ferrari Introduces the Daytona SP3, an 828-HP Tribute to the ‘60s - autoevolution | 11/21/2021 17:19:16 | https://news.google.com/articles/CAIiEOKi16f4Pv4pSWm8Q5nkEQIqMwgEKioIACIQFloNoavzTzBvP2PfEiuO2yoUCAoiEBZaDaGr808wbz9j3xIrjtswx-StBw?hl=en-US &gl=US &ceid=US%3Aen
-
13.
Ferrari Introduces the Daytona SP3, an 828-HP Tribute to the ‘60s - autoevolution | 11/21/2021 17:19:16 | https://www.autoevolution.com/news/ferrari-introduces-the-daytona-sp3-an-828-hp-tribute-to-the-60s-174687.html
-
14.
https://www.bing.com/search?q=krebs+on+security &cvid=4b58f3d343ac4148bb07f3270f3c769a &aqs=edge..69i57.4000j0j1 &pglt=2083 &FORM=ANNTA1 &PC=U531 | 11/21/2021 17:21:22 | https://www.bing.com/search?q=krebs+on+security &cvid=4b58f3d343ac4148bb07f3270f3c769a &aqs=edge..69i57.4000j0j1 &pglt=2083 &FORM=ANNTA1 &PC=U531
-
15.
n/a | 11/21/2021 17:21:22 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fkrebsonsecurity.com%2F
-
16.
Krebs on Security – In-depth security news and investigation | 11/21/2021 17:21:23 | https://krebsonsecurity.com/
-
17.
Can You Jailbreak Your iPhone Running iOS 15 to iOS 15.1? Everything You Need to Know | 11/21/2021 17:31:44 | https://news.google.com/articles/CBMiamh0dHBzOi8vd2NjZnRlY2guY29tL2Nhbi15b3UtamFpbGJyZWFrLXlvdXItaXBob25lLXJ1bm5pbmctaW9zLTE1LXRvLWlvcy0xNS0xLWV2ZXJ5dGhpbmcteW91LW5lZWQtdG8ta25vdy_SAW5odHRwczovL3djY2Z0ZWNoLmNvbS9jYW4teW91LWphaWxicmVhay15b3VyLWlwaG9uZS1ydW5uaW5nLWlvcy0xNS10by1pb3MtMTUtMS1ldmVyeXRoaW5nLXlvdS1uZWVkLXRvLWtub3cvYW1wLw?hl=en-US &gl=US &ceid=US%3Aen
-
18.
Can You Jailbreak Your iPhone Running iOS 15 to iOS 15.1? Everything You Need to Know | 11/21/2021 17:31:44 | https://wccftech.com/can-you-jailbreak-your-iphone-running-ios-15-to-ios-15-1-everything-you-need-to-know/
-
19.
6 incredible Apple deals on Amazon ahead of Black Friday | 11/21/2021 17:35:07 | https://news.google.com/articles/CAIiECDYkClfUpv1m44PIS2Shw4qFQgEKg0IACoGCAow9ckFMIBVMJCfBA?hl=en-US &gl=US &ceid=US%3Aen
-
20.
6 incredible Apple deals on Amazon ahead of Black Friday | 11/21/2021 17:35:07 | https://appleinsider.com/articles/21/11/20/6-epic-apple-deals-on-amazon-599-m1-mac-mini-99-apple-pencil-2-189-airpods-with-magsafe-more
-
21.
Google News - World - Latest | 11/21/2021 17:36:01 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRGx1YlY4U0FtVnVHZ0pWVXlnQVAB?hl=en-US &gl=US &ceid=US%3Aen
-
22.
Google News - Sports - Latest | 11/21/2021 17:36:25 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRFp1ZEdvU0FtVnVHZ0pWVXlnQVAB?hl=en-US &gl=US &ceid=US%3Aen
-
23.
Google News - Science - Latest | 11/21/2021 17:36:45 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRFp0Y1RjU0FtVnVHZ0pWVXlnQVAB?hl=en-US &gl=US &ceid=US%3Aen
-
24.
NASA’s DART Mission To Crash a Spacecraft Into an Asteroid Is Set To Launch – Watch It Live | 11/21/2021 17:36:56 | https://news.google.com/articles/CBMicmh0dHBzOi8vc2NpdGVjaGRhaWx5LmNvbS9uYXNhcy1kYXJ0LW1pc3Npb24tdG8tY3Jhc2gtYS1zcGFjZWNyYWZ0LWludG8tYW4tYXN0ZXJvaWQtaXMtc2V0LXRvLWxhdW5jaC13YXRjaC1pdC1saXZlL9IBdmh0dHBzOi8vc2NpdGVjaGRhaWx5LmNvbS9uYXNhcy1kYXJ0LW1pc3Npb24tdG8tY3Jhc2gtYS1zcGFjZWNyYWZ0LWludG8tYW4tYXN0ZXJvaWQtaXMtc2V0LXRvLWxhdW5jaC13YXRjaC1pdC1saXZlL2FtcC8?hl=en-US &gl=US &ceid=US%3Aen
-
25.
NASA’s DART Mission To Crash a Spacecraft Into an Asteroid Is Set To Launch – Watch It Live | 11/21/2021 17:36:57 | https://scitechdaily.com/nasas-dart-mission-to-crash-a-spacecraft-into-an-asteroid-is-set-to-launch-watch-it-live/
-
26.
https://www.bing.com/search?q=zdnet &cvid=e5e4121259b54fefb3b3bd6ecd0daac1 &aqs=edge.0.0l9.1355j0j4 &FORM=ANAB01 &PC=U531 | 11/21/2021 17:39:11 | https://www.bing.com/search?q=zdnet &cvid=e5e4121259b54fefb3b3bd6ecd0daac1 &aqs=edge.0.0l9.1355j0j4 &FORM=ANAB01 &PC=U531
-
27.
n/a | 11/21/2021 17:39:11 | https://www.bing.com/newtabredir?url=https%3%2F%2Fwww.zdnet.com%2F
-
28.
Technology News, Analysis, Comments and Product Reviews for IT Professionals ZDNet | 11/21/2021 17:39:11 | https://www.zdnet.com/
-
29.
FBI warning: This zero-day VPN software flaw was exploited by APT hackers | ZDNet | 11/21/2021 17:39:45 | https://www.zdnet.com/article/fbi-warning-this-zero-day-vpn-software-flaw-was-exploited-by-apt-hackers/
-
30.
Nylas | Universal Email API | 11/21/2021 17:40:39 | https://www.nylas.com/products/email-api/?gclid=EAIaIQobChMIx8jSg4Cq9AIVi8D2Ah1X_gKBEAEYASAAEgJFSvD_BwE
-
31.
Palo Alto Networks raises FY22 revenue guidance | ZDNet | 11/21/2021 17:41:08 | https://www.zdnet.com/article/palo-alto-networks-raises-fy22-revenue-guidance/
-
32.
Dark web crooks are now teaching courses on how to build botnets | ZDNet | 11/21/2021 17:41:56 | https://www.zdnet.com/article/college-for-cyber-criminals-dark-web-crooks-are-teaching-courses-on-how-to-build-botnets/
-
33.
Security | ZDNet | 11/21/2021 17:48:01 | https://www.zdnet.com/topic/security/
-
34.
Cloud security firm Lacework secures $1.3 billion in new funding round | ZDNet | 11/21/2021 17:48:07 | https://www.zdnet.com/article/cloud-security-firm-lacework-secures-1-3-billion-in-series-d-funding-round/
-
35.
n/a | 11/21/2021 17:52:43 | https://www.bing.com/newtabredir?url=http%3A%2F%2Fwww.foxnews.com%2F
-
36.
Fox News - Breaking News Updates | Latest News Headlines | Photos & News Videos | 11/21/2021 17:52:43 | https://www.foxnews.com/
-
37.
Fox News - Breaking News Updates | Latest News Headlines | Photos & News Videos | 11/21/2021 17:52:43 | http://www.foxnews.com/
-
38.
NBC News - Breaking News & Top Stories - Latest World, US & Local News | NBC News | 11/21/2021 17:54:13 | https://www.nbcnews.com/
-
39.
n/a | 11/21/2021 17:54:13 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.nbcnews.com%2F
-
40.
n/a | 11/21/2021 17:57:27 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.cnn.com%2F
-
41.
CNN - Breaking News, Latest News and Videos | 11/21/2021 17:57:27 | https://www.cnn.com/
-
42.
n/a | 11/21/2021 18:00:33 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fabcnews.go.com%2F
-
43.
ABC News – Breaking News, Latest News, Headlines & Videos - ABC News | 11/21/2021 18:00:34 | https://abcnews.go.com/
-
44.
https://www.bing.com/search?q=news &cvid=5b6fa467060a443d88ffe736905bde5c &aqs=edge..69i57j0l4j69i60l4.1971j0j4 &FORM=ANAB01 &PC=U531 | 11/21/2021 18:07:12 | https://www.bing.com/search?q=news &cvid=5b6fa467060a443d88ffe736905bde5c &aqs=edge..69i57j0l4j69i60l4.1971j0j4 &FORM=ANAB01 &PC=U531
-
45.
n/a | 11/21/2021 18:07:12 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fnypost.com%2Fnews%2F
-
46.
New York Post – Breaking News, Latest US & World Headlines | 11/21/2021 18:07:12 | https://nypost.com/news/
-
47.
n/a | 11/21/2021 18:08:27 | https://www.bing.com/newtabredir?url=%3A%2F%2Fmoney.cnn.com%2Fdata%2Fmarkets%2F
-
48.
Stock Market Data - Dow Jones, Nasdaq, S &P 500 - CNNMoney | 11/21/2021 18:11:48 | https://money.cnn.com/data/markets/
-
49.
https://www.bing.com/search?q=stock &qs=n &form=QBRE &sp=-1 &pq=stock &sc=8-5 &sk= &cvid=5209CCE60D7448CB9FB5488184E0944B | 11/21/2021 18:12:50 | https://www.bing.com/search?q=stock &qs=n &form=QBRE &sp=-1 &pq=stock &sc=8-5 &sk= &cvid=5209CCE60D7448CB9FB5488184E0944B
-
50.
Stock Market Data with Stock Price Feeds | Nasdaq | 11/21/2021 18:12:50 | https://www.nasdaq.com/market-activity/stocks
-
51.
n/a | 11/21/2021 18:12:50 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.nasdaq.com%2Fmarket-activity%2Fstocks
Rights and permissions
Copyright information
© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Stanković, M., Khan, T.M. (2023). Digital Forensics Tool Evaluation on Deleted Files. In: Goel, S., Gladyshev, P., Nikolay, A., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 508. Springer, Cham. https://doi.org/10.1007/978-3-031-36574-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-36574-4_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36573-7
Online ISBN: 978-3-031-36574-4
eBook Packages: Computer ScienceComputer Science (R0)