Abstract
This paper investigates the possibilities for the automatic creation of scenario-based test file images for computer forensics testing purposes, and goes on to discuss and review a tool developed for this task. The tool creates NTFS images based on user-selectable data hiding and timeline management. In this paper we document both the creation of the tool and report on its use in a variety of test situations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Guo, Y., Slay, J., Beckett, J.: Validation and verification of computer forensic software tools-Searching Function. Digital Invest. 6, S12–S22 (2009)
Duffy, K.P., Davis Jr., M.H., Sethi, V.: Demonstrating operating system principles via computer forensics exercises. J. Inf. Syst. Educ. 21(2), 195–202 (2010)
Agarwal, R., Karahanna, E.: Time flies when you’re having fun: cognitive absorption and beliefs about information technology usage. mis quarterly 24(4), 665–694 (2000)
Carrier, B.: Digital forensics tool testing images, August 2010. http://dftt.sourceforge.net, Accessed 20/03/2014
Moch, C., Freiling, F.C.: The forensic image generator generator (forensig2). In: 2009 Fifth International Conference on IT Security Incident Management and IT Forensics, pp. 78–93. IEEE, September 2009
Moch, C.: Der festplatte forensik fall generator, Master’s thesis, University of Mannheim (2009)
Visti, H.: Automatic creation of computer forensic test images, Master’s thesis, University of Westminster (2013)
Huebner, E., Bem, D., Wee, C.K.: Data hiding in the NTFS file system. Digital Invest. 3(4), 211–226 (2006)
Carrier, B.: File System Forensic Analysis. Addison-Wesley Professional, Boston, London (2005)
Hayes, D., Reddy, V., Qureshi, S.: The impact of microsoft’s windows 7 on computer forensics examinations. In: Applications and Technology Conference, pp. 1–6, IEEE, May 2010
Bang, J., Yoo, B., Lee, S.: Analysis of changes in file time attributes with file manipulation. Digital Invest. 7(3), 135–144 (2011)
Anon, Timestomp, November 2010
Tuxera, NTFS-3G manual (2014). http://www.tuxera.com/community/ntfs-3g-manual, Accessed 20/03/2014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Visti, H., Tohill, S., Douglas, P. (2015). Automatic Creation of Computer Forensic Test Images. In: Garain, U., Shafait, F. (eds) Computational Forensics. IWCF IWCF 2012 2014. Lecture Notes in Computer Science(), vol 8915. Springer, Cham. https://doi.org/10.1007/978-3-319-20125-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-20125-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20124-5
Online ISBN: 978-3-319-20125-2
eBook Packages: Computer ScienceComputer Science (R0)