Abstract
This paper investigates the possibilities for the automatic creation of scenario-based test file images for computer forensics testing purposes, and goes on to discuss and review a tool developed for this task. The tool creates NTFS images based on user-selectable data hiding and timeline management. In this paper we document both the creation of the tool and report on its use in a variety of test situations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Guo, Y., Slay, J., Beckett, J.: Validation and verification of computer forensic software tools-Searching Function. Digital Invest. 6, S12–S22 (2009)
Duffy, K.P., Davis Jr., M.H., Sethi, V.: Demonstrating operating system principles via computer forensics exercises. J. Inf. Syst. Educ. 21(2), 195–202 (2010)
Agarwal, R., Karahanna, E.: Time flies when you’re having fun: cognitive absorption and beliefs about information technology usage. mis quarterly 24(4), 665–694 (2000)
Carrier, B.: Digital forensics tool testing images, August 2010. http://dftt.sourceforge.net, Accessed 20/03/2014
Moch, C., Freiling, F.C.: The forensic image generator generator (forensig2). In: 2009 Fifth International Conference on IT Security Incident Management and IT Forensics, pp. 78–93. IEEE, September 2009
Moch, C.: Der festplatte forensik fall generator, Master’s thesis, University of Mannheim (2009)
Visti, H.: Automatic creation of computer forensic test images, Master’s thesis, University of Westminster (2013)
Huebner, E., Bem, D., Wee, C.K.: Data hiding in the NTFS file system. Digital Invest. 3(4), 211–226 (2006)
Carrier, B.: File System Forensic Analysis. Addison-Wesley Professional, Boston, London (2005)
Hayes, D., Reddy, V., Qureshi, S.: The impact of microsoft’s windows 7 on computer forensics examinations. In: Applications and Technology Conference, pp. 1–6, IEEE, May 2010
Bang, J., Yoo, B., Lee, S.: Analysis of changes in file time attributes with file manipulation. Digital Invest. 7(3), 135–144 (2011)
Anon, Timestomp, November 2010
Tuxera, NTFS-3G manual (2014). http://www.tuxera.com/community/ntfs-3g-manual, Accessed 20/03/2014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Visti, H., Tohill, S., Douglas, P. (2015). Automatic Creation of Computer Forensic Test Images. In: Garain, U., Shafait, F. (eds) Computational Forensics. IWCF IWCF 2012 2014. Lecture Notes in Computer Science(), vol 8915. Springer, Cham. https://doi.org/10.1007/978-3-319-20125-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-20125-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20124-5
Online ISBN: 978-3-319-20125-2
eBook Packages: Computer ScienceComputer Science (R0)