Digital Forensics Tool Evaluation on Deleted Files

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2022)

Abstract

In a world where data is deleted every millisecond, whether on purpose or unintentionally, the question is whether deleted digital files still exist or if they are simply invisible to us on digital devices. Over the years, researchers have answered the question, but the rapid development of technologies and software makes the topic relevant. The global pandemic (coronavirus disease 2019) affected the physical and cyber worlds. Cyber attacks and data breaches have increased by over 400%. During these attacks, data is frequently deleted, mismanaged, or overwritten, making it difficult for users and digital investigators to recover and trace. Commercial tools that analyze deleted files are often expensive, and the unknown factor of free tools has always been a concern. In this paper, we evaluated two digital forensics tools, Magnet AXIOM, a commercial tool, and Autopsy, a free digital forensics tool, to partially bridge the gap for this era. We also used a differential analysis approach to investigate the persistence of deleted files. Moreover, for the best evaluation of the tools, we created files of various types and activities that mimic the daily usage of an average user on a Windows 11 operating system. The activities are divided into phases based on the processes that will most likely overwrite the deleted files. We also discussed the findings of these phases and presented the recommendations and challenges faced during the research process.



Author information

Corresponding author

Correspondence to Miloš Stanković.

Appendices

Appendix - Hash Values of the Created Files

Table 5. SHA256 Values of the Files
Table 6. MD5 Values of the Files

Appendix - Microsoft Edge Browsing History

The items below are listed in chronological order of browsing activity. Each entry follows the format Title | Time (UTC+0) | URL.

  1. YouTube | 11/21/2021 17:15 | http://www.youtube.com/

  2. YouTube | 11/21/2021 17:16 | https://www.youtube.com/

  3. 60 min timer - YouTube | 11/21/2021 17:16 | https://www.youtube.com/results?search_query=60+minute+timer

  4. 60 min video - YouTube | 11/21/2021 17:16 | https://www.youtube.com/results?search_query=60+minute+video

  5. AUTUMN 60 min TIMER, no music #60minutetimer - YouTube | 11/21/2021 17:16 | https://www.youtube.com/watch?v=QRjSongCKkM

  6. stocks - Bing | 11/21/2021 17:16 | https://www.bing.com/search?q=stocks&cvid=86ab3c620a934928aa8e1e67a2efb5a3&aqs=edge.0.0l9.2100j0j1&pglt=2083&FORM=ANNTA1&PC=U531

  7. Google | 11/21/2021 17:17 | https://www.google.com/

  8. news - Google Search | 11/21/2021 17:17 | https://www.google.com/search?q=news&source=hp&ei=K3-aYfH7KNbVtAabjYugAg&iflsig=ALs-wAMAAAAAYZqNO6Vlx2uhjMZ4JLj8S5Z7fNhmRNql&ved=0ahUKEwixveD3-qn0AhXWKs0KHZvGAiQQ4dUDCAk&uact=5&oq=news&gs_lcp=Cgdnd3Mtd2l6EAMyCwgAEIAEELEDEIMBMgsIABCABBCxAxCDATIICAAQgAQQsQMyBQgAEIAEMgUILhCABDIICC4QgAQQsQMyBQgAELEDMggIABCxAxCDATIFCAAQgAQyBQgAELEDOg4IABCPARDqAhCMAxDlAjoOCC4QjwEQ6gIQjAMQ5QI6CwguEIAEELEDEIMBOg4ILhCABBCxAxDHARDRAzoOCC4QgAQQsQMQxwEQowI6EQguEIAEELEDEIMBEMcBENEDOgsILhCABBDHARCvAVC8CFjlDWDGD2gBcAB4AIABeogB1QKSAQMzLjGYAQCgAQGwAQo&sclient=gws-wiz

  9. Google News | 11/21/2021 17:18 | https://news.google.com/

  10. Google News | 11/21/2021 17:18 | https://news.google.com/topstories?hl=en-US&gl=US&ceid=US:en

  11. Google News - Technology - Latest | 11/21/2021 17:18 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRGRqTVhZU0FtVnVHZ0pWVXlnQVAB?hl=en-US&gl=US&ceid=US%3Aen

  12. Ferrari Introduces the Daytona SP3, an 828-HP Tribute to the ‘60s - autoevolution | 11/21/2021 17:19:16 | https://news.google.com/articles/CAIiEOKi16f4Pv4pSWm8Q5nkEQIqMwgEKioIACIQFloNoavzTzBvP2PfEiuO2yoUCAoiEBZaDaGr808wbz9j3xIrjtswx-StBw?hl=en-US&gl=US&ceid=US%3Aen

  13. Ferrari Introduces the Daytona SP3, an 828-HP Tribute to the ‘60s - autoevolution | 11/21/2021 17:19:16 | https://www.autoevolution.com/news/ferrari-introduces-the-daytona-sp3-an-828-hp-tribute-to-the-60s-174687.html

  14. https://www.bing.com/search?q=krebs+on+security&cvid=4b58f3d343ac4148bb07f3270f3c769a&aqs=edge..69i57.4000j0j1&pglt=2083&FORM=ANNTA1&PC=U531 | 11/21/2021 17:21:22 | https://www.bing.com/search?q=krebs+on+security&cvid=4b58f3d343ac4148bb07f3270f3c769a&aqs=edge..69i57.4000j0j1&pglt=2083&FORM=ANNTA1&PC=U531

  15. n/a | 11/21/2021 17:21:22 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fkrebsonsecurity.com%2F

  16. Krebs on Security – In-depth security news and investigation | 11/21/2021 17:21:23 | https://krebsonsecurity.com/

  17. Can You Jailbreak Your iPhone Running iOS 15 to iOS 15.1? Everything You Need to Know | 11/21/2021 17:31:44 | https://news.google.com/articles/CBMiamh0dHBzOi8vd2NjZnRlY2guY29tL2Nhbi15b3UtamFpbGJyZWFrLXlvdXItaXBob25lLXJ1bm5pbmctaW9zLTE1LXRvLWlvcy0xNS0xLWV2ZXJ5dGhpbmcteW91LW5lZWQtdG8ta25vdy_SAW5odHRwczovL3djY2Z0ZWNoLmNvbS9jYW4teW91LWphaWxicmVhay15b3VyLWlwaG9uZS1ydW5uaW5nLWlvcy0xNS10by1pb3MtMTUtMS1ldmVyeXRoaW5nLXlvdS1uZWVkLXRvLWtub3cvYW1wLw?hl=en-US&gl=US&ceid=US%3Aen

  18. Can You Jailbreak Your iPhone Running iOS 15 to iOS 15.1? Everything You Need to Know | 11/21/2021 17:31:44 | https://wccftech.com/can-you-jailbreak-your-iphone-running-ios-15-to-ios-15-1-everything-you-need-to-know/

  19. 6 incredible Apple deals on Amazon ahead of Black Friday | 11/21/2021 17:35:07 | https://news.google.com/articles/CAIiECDYkClfUpv1m44PIS2Shw4qFQgEKg0IACoGCAow9ckFMIBVMJCfBA?hl=en-US&gl=US&ceid=US%3Aen

  20. 6 incredible Apple deals on Amazon ahead of Black Friday | 11/21/2021 17:35:07 | https://appleinsider.com/articles/21/11/20/6-epic-apple-deals-on-amazon-599-m1-mac-mini-99-apple-pencil-2-189-airpods-with-magsafe-more

  21. Google News - World - Latest | 11/21/2021 17:36:01 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRGx1YlY4U0FtVnVHZ0pWVXlnQVAB?hl=en-US&gl=US&ceid=US%3Aen

  22. Google News - Sports - Latest | 11/21/2021 17:36:25 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRFp1ZEdvU0FtVnVHZ0pWVXlnQVAB?hl=en-US&gl=US&ceid=US%3Aen

  23. Google News - Science - Latest | 11/21/2021 17:36:45 | https://news.google.com/topics/CAAqJggKIiBDQkFTRWdvSUwyMHZNRFp0Y1RjU0FtVnVHZ0pWVXlnQVAB?hl=en-US&gl=US&ceid=US%3Aen

  24. NASA’s DART Mission To Crash a Spacecraft Into an Asteroid Is Set To Launch – Watch It Live | 11/21/2021 17:36:56 | https://news.google.com/articles/CBMicmh0dHBzOi8vc2NpdGVjaGRhaWx5LmNvbS9uYXNhcy1kYXJ0LW1pc3Npb24tdG8tY3Jhc2gtYS1zcGFjZWNyYWZ0LWludG8tYW4tYXN0ZXJvaWQtaXMtc2V0LXRvLWxhdW5jaC13YXRjaC1pdC1saXZlL9IBdmh0dHBzOi8vc2NpdGVjaGRhaWx5LmNvbS9uYXNhcy1kYXJ0LW1pc3Npb24tdG8tY3Jhc2gtYS1zcGFjZWNyYWZ0LWludG8tYW4tYXN0ZXJvaWQtaXMtc2V0LXRvLWxhdW5jaC13YXRjaC1pdC1saXZlL2FtcC8?hl=en-US&gl=US&ceid=US%3Aen

  25. NASA’s DART Mission To Crash a Spacecraft Into an Asteroid Is Set To Launch – Watch It Live | 11/21/2021 17:36:57 | https://scitechdaily.com/nasas-dart-mission-to-crash-a-spacecraft-into-an-asteroid-is-set-to-launch-watch-it-live/

  26. https://www.bing.com/search?q=zdnet&cvid=e5e4121259b54fefb3b3bd6ecd0daac1&aqs=edge.0.0l9.1355j0j4&FORM=ANAB01&PC=U531 | 11/21/2021 17:39:11 | https://www.bing.com/search?q=zdnet&cvid=e5e4121259b54fefb3b3bd6ecd0daac1&aqs=edge.0.0l9.1355j0j4&FORM=ANAB01&PC=U531

  27. n/a | 11/21/2021 17:39:11 | https://www.bing.com/newtabredir?url=https%3%2F%2Fwww.zdnet.com%2F

  28. Technology News, Analysis, Comments and Product Reviews for IT Professionals ZDNet | 11/21/2021 17:39:11 | https://www.zdnet.com/

  29. FBI warning: This zero-day VPN software flaw was exploited by APT hackers | ZDNet | 11/21/2021 17:39:45 | https://www.zdnet.com/article/fbi-warning-this-zero-day-vpn-software-flaw-was-exploited-by-apt-hackers/

  30. Nylas | Universal Email API | 11/21/2021 17:40:39 | https://www.nylas.com/products/email-api/?gclid=EAIaIQobChMIx8jSg4Cq9AIVi8D2Ah1X_gKBEAEYASAAEgJFSvD_BwE

  31. Palo Alto Networks raises FY22 revenue guidance | ZDNet | 11/21/2021 17:41:08 | https://www.zdnet.com/article/palo-alto-networks-raises-fy22-revenue-guidance/

  32. Dark web crooks are now teaching courses on how to build botnets | ZDNet | 11/21/2021 17:41:56 | https://www.zdnet.com/article/college-for-cyber-criminals-dark-web-crooks-are-teaching-courses-on-how-to-build-botnets/

  33. Security | ZDNet | 11/21/2021 17:48:01 | https://www.zdnet.com/topic/security/

  34. Cloud security firm Lacework secures $1.3 billion in new funding round | ZDNet | 11/21/2021 17:48:07 | https://www.zdnet.com/article/cloud-security-firm-lacework-secures-1-3-billion-in-series-d-funding-round/

  35. n/a | 11/21/2021 17:52:43 | https://www.bing.com/newtabredir?url=http%3A%2F%2Fwww.foxnews.com%2F

  36. Fox News - Breaking News Updates | Latest News Headlines | Photos & News Videos | 11/21/2021 17:52:43 | https://www.foxnews.com/

  37. Fox News - Breaking News Updates | Latest News Headlines | Photos & News Videos | 11/21/2021 17:52:43 | http://www.foxnews.com/

  38. NBC News - Breaking News & Top Stories - Latest World, US & Local News | NBC News | 11/21/2021 17:54:13 | https://www.nbcnews.com/

  39. n/a | 11/21/2021 17:54:13 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.nbcnews.com%2F

  40. n/a | 11/21/2021 17:57:27 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.cnn.com%2F

  41. CNN - Breaking News, Latest News and Videos | 11/21/2021 17:57:27 | https://www.cnn.com/

  42. n/a | 11/21/2021 18:00:33 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fabcnews.go.com%2F

  43. ABC News – Breaking News, Latest News, Headlines & Videos - ABC News | 11/21/2021 18:00:34 | https://abcnews.go.com/

  44. https://www.bing.com/search?q=news&cvid=5b6fa467060a443d88ffe736905bde5c&aqs=edge..69i57j0l4j69i60l4.1971j0j4&FORM=ANAB01&PC=U531 | 11/21/2021 18:07:12 | https://www.bing.com/search?q=news&cvid=5b6fa467060a443d88ffe736905bde5c&aqs=edge..69i57j0l4j69i60l4.1971j0j4&FORM=ANAB01&PC=U531

  45. n/a | 11/21/2021 18:07:12 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fnypost.com%2Fnews%2F

  46. New York Post – Breaking News, Latest US & World Headlines | 11/21/2021 18:07:12 | https://nypost.com/news/

  47. n/a | 11/21/2021 18:08:27 | https://www.bing.com/newtabredir?url=%3A%2F%2Fmoney.cnn.com%2Fdata%2Fmarkets%2F

  48. Stock Market Data - Dow Jones, Nasdaq, S&P 500 - CNNMoney | 11/21/2021 18:11:48 | https://money.cnn.com/data/markets/

  49. https://www.bing.com/search?q=stock&qs=n&form=QBRE&sp=-1&pq=stock&sc=8-5&sk=&cvid=5209CCE60D7448CB9FB5488184E0944B | 11/21/2021 18:12:50 | https://www.bing.com/search?q=stock&qs=n&form=QBRE&sp=-1&pq=stock&sc=8-5&sk=&cvid=5209CCE60D7448CB9FB5488184E0944B

  50. Stock Market Data with Stock Price Feeds | Nasdaq | 11/21/2021 18:12:50 | https://www.nasdaq.com/market-activity/stocks

  51. n/a | 11/21/2021 18:12:50 | https://www.bing.com/newtabredir?url=https%3A%2F%2Fwww.nasdaq.com%2Fmarket-activity%2Fstocks

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Stanković, M., Khan, T.M. (2023). Digital Forensics Tool Evaluation on Deleted Files. In: Goel, S., Gladyshev, P., Nikolay, A., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 508. Springer, Cham. https://doi.org/10.1007/978-3-031-36574-4_4

  • DOI: https://doi.org/10.1007/978-3-031-36574-4_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36573-7

  • Online ISBN: 978-3-031-36574-4

  • eBook Packages: Computer Science, Computer Science (R0)
