Skip to main content
SpringerLink
Log in

Improved deleted file recovery technique for Ext2/3 filesystem

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Digital devices are increasingly being used in various crimes, and therefore, it becomes important for law enforcement agencies to be able to investigate and analyze digital devices. Accordingly, there is an increasing demand for digital forensic technologies which can recover the data concealed or deleted by criminals that are of prime importance. There are various digital forensic tools available for Windows-based systems and relatively a few of those for Linux-based systems. Thus, this paper suggests a deleted file recovery technique for the Ext 2/3 filesystem, which is commonly used in Linux. The research involved the analysis of the Ext filesystem structure, file storage structure, and metadata information of file. The shortcomings of the existing methods and methods implemented by the proposed technique to address them are presented. Further, a comparison of the performance of the proposed technique and that of the existing methods is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Narváez G (2007) Taking advantage of Ext3 journaling filesystem in a forensic investigation. SANS Institute, pp 1–35

  2. Fairbanks KD (2012) An analysis of Ext4 for digital forensics. Digit Investig 9:S118–S130

    Article  Google Scholar 

  3. Piper S, Davis M, Manes G, Shenoi S (2005) Detecting hidden data in Ext2/Ext3 filesystems. Advances in digital forensics, the international federation for information processing, vol 194, pp 245–256

  4. Barik MS, Gupta G, Sinha S, Mishra A, Mazumdar C (2007) An efficient technique for enhancing forensic capabilities of Ext2 filesystem. Digit Investig 4S:S55–S61

    Article  Google Scholar 

  5. Park J, Chung H, Lee S (2012) Forensic analysis techniques for fragmented flash memory pages in smartphones. Digit Investig 9:109–118

    Article  Google Scholar 

  6. Phillips D (2002) A directory index for Ext2. Linux symposium, Ottawa

  7. Cohen M (2007) Advanced carving techniques. Digit Investig 4(3–4):119

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ajou University, Suwon, South Korea

    Seokjun Lee & Taeshik Shon

Authors
  1. Seokjun Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Taeshik Shon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Taeshik Shon.

Additional information

This research was supported by the Public Welfare and Safety Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2012M3A2A1051116).

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lee, S., Shon, T. Improved deleted file recovery technique for Ext2/3 filesystem. J Supercomput 70, 20–30 (2014). https://doi.org/10.1007/s11227-014-1282-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-014-1282-y

Keywords

Search

Navigation