Skip to main content
SpringerLink
Log in

A study on block-based recovery of damaged digital forensic evidence image

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

In digital forensic, evidence images are stored on the disk by a forensic tool. However, the stored images can be damaged due to unexpected internal and external electromagnetic effects. Existing forensic tools only provide integrity and authenticity of the evidence images by utilizing legacy cryptographic methods, i.e., applying hash values and digital signatures. Accordingly, such integrity and authenticity applied to those evidence images can be easily corrupted when the disk is damaged. In this paper, we focus on such limitations of the existing forensic tools and introduce a new scheme that can recover and protect the evidence images on the disk. Specifically, evidence images are divided into blocks; linkage relations between those blocks are formed; and a meta-block is applied to restore the damaged blocks. Blocks in the damaged areas detected using CRC information are subject to a multi-dimensional block operation for recovery of damaged blocks and protection for evidence images.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18

Similar content being viewed by others

References

  1. Baryamureeba V, Tushabe F (2006) The enhanced digital investigation process model. Asian J Inf Technol 5(7):790–794

    Google Scholar 

  2. Beebe NL, Clark JG (2005) A hierarchical, objectives-based framework for the digital investigations process. Digit Investig 2(2):147–167

    Article  Google Scholar 

  3. Casey E (2002) Handbook of computer crime investigation. Academic Press

  4. Casey E (2004) Digital evidence and computer crime. Computer and Internet 2nd. Academic Press, pp 199–205

  5. EnCase Study Guide Version 6 (2008) Guidance software

  6. Evidence Grade Bitstream Backup Utility (2003) Introduction to SafeBack 3.0. NTI

  7. Freiling F, Mantel H (2006) Towards automating analysis in computer forensics. RWTH Aachen University, pp 21-56

  8. Hard Disk Write Block Tool Specification (2002) Ver 2.0 Draft, NIST, May

  9. Rubin P, MacKenzie D, Kemp S (2004) dd-convert and copy a file. Linux manual pages, July

Download references

Acknowledgement

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (No. 2010-0022858)

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Daejeon University, 96-3 Yongun-dong, Dong-gu, Daejeon, 300-716, South Korea

    Eun-Gyeom Jang & Yong-Rak Choi

  2. 8F DMC R&D Center, E3-2, DMC Sangam-Dong, Mapo-Gu, Seoul, 121-270, South Korea

    Byong-Soo Koh

Authors
  1. Eun-Gyeom Jang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Byong-Soo Koh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yong-Rak Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eun-Gyeom Jang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Jang, EG., Koh, BS. & Choi, YR. A study on block-based recovery of damaged digital forensic evidence image. Multimed Tools Appl 57, 407–422 (2012). https://doi.org/10.1007/s11042-011-0738-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-011-0738-9

Keywords

Search

Navigation