Abstract
In digital forensic, evidence images are stored on the disk by a forensic tool. However, the stored images can be damaged due to unexpected internal and external electromagnetic effects. Existing forensic tools only provide integrity and authenticity of the evidence images by utilizing legacy cryptographic methods, i.e., applying hash values and digital signatures. Accordingly, such integrity and authenticity applied to those evidence images can be easily corrupted when the disk is damaged. In this paper, we focus on such limitations of the existing forensic tools and introduce a new scheme that can recover and protect the evidence images on the disk. Specifically, evidence images are divided into blocks; linkage relations between those blocks are formed; and a meta-block is applied to restore the damaged blocks. Blocks in the damaged areas detected using CRC information are subject to a multi-dimensional block operation for recovery of damaged blocks and protection for evidence images.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig1_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig2_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig3_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig4_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig5_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig6_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig7_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig8_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig9_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig10_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig11_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig12_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig13_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig14_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig15_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig16_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig17_HTML.gif)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11042-011-0738-9/MediaObjects/11042_2011_738_Fig18_HTML.gif)
Similar content being viewed by others
References
Baryamureeba V, Tushabe F (2006) The enhanced digital investigation process model. Asian J Inf Technol 5(7):790–794
Beebe NL, Clark JG (2005) A hierarchical, objectives-based framework for the digital investigations process. Digit Investig 2(2):147–167
Casey E (2002) Handbook of computer crime investigation. Academic Press
Casey E (2004) Digital evidence and computer crime. Computer and Internet 2nd. Academic Press, pp 199–205
EnCase Study Guide Version 6 (2008) Guidance software
Evidence Grade Bitstream Backup Utility (2003) Introduction to SafeBack 3.0. NTI
Freiling F, Mantel H (2006) Towards automating analysis in computer forensics. RWTH Aachen University, pp 21-56
Hard Disk Write Block Tool Specification (2002) Ver 2.0 Draft, NIST, May
Rubin P, MacKenzie D, Kemp S (2004) dd-convert and copy a file. Linux manual pages, July
Acknowledgement
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (No. 2010-0022858)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jang, EG., Koh, BS. & Choi, YR. A study on block-based recovery of damaged digital forensic evidence image. Multimed Tools Appl 57, 407–422 (2012). https://doi.org/10.1007/s11042-011-0738-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-011-0738-9