Path: Top -> Journal -> Telkomnika -> 2018 -> Vol. 16, No. 2, April

File Reconstruction in Digital Forensic

Journal from gdlhub / 2018-05-30 14:25:35
Oleh : Opim Salim Sitompul, Andrew Handoko, Romi Fadillah Rahmat, Telkomnika
Dibuat : 2018-05-30, dengan 1 file

Keyword : digital forensic; file undelete; file recovery; Aho-Corasick algorithm; finite state automata;
Url : http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/8230
Sumber pengambilan dokumen : WEB

File recovery is one of the stages in computer forensic investigative process to identify an acquired file to be used as digital evident. The recovery is performed on files that have been deleted from a file system. However, in order to recover a deleted file, some considerations should be taken. A deleted file is potentially modified from its original condition because another file might either partly or entirely overriding the file content. A typical approach in recovering deleted file is to apply Boyer-Moore algorithm that has rather high time complexity in terms of string searching. Therefore, a better string matching approach for recovering deleted file is required. We propose Aho-Corasick parsing technique to read file attributes from the master file table (MFT) in order to examine the file condition. If the file was deleted, then the parser search the file content in order to reconstruct the file. Experiments were conducted using several file modifications, such as 0% (unmodified), 18.98%, 32.21% and 59.77%. From the experimental results we found that the file reconstruction process on the file system was performed successfully. The average successful rate for the file recovery from four experiments on each modification was 87.50% and for the string matching process average time on searching file names was 0.32 second.

Beri Komentar ?#(0) | Bookmark

PropertiNilai Properti
ID Publishergdlhub
OrganisasiTelkomnika
Nama KontakHerti Yani, S.Kom
AlamatJln. Jenderal Sudirman
KotaJambi
DaerahJambi
NegaraIndonesia
Telepon0741-35095
Fax0741-35093
E-mail Administratorelibrarystikom@gmail.com
E-mail CKOelibrarystikom@gmail.com

Print ...

Kontributor...

  • , Editor: sukadi

Download...