A review of digital forensics methods for JPEG file carving

Bibliographic Details
Main Authors: ALI, RABEI RAAD, MOHAMAD, KAMARUDDIN MALIK, JAMEL, SAPIEE, Ahmad Khalid, Shamsul Kamal
Format: Article
Language: English
Published: Little Lion Scientific 2018
Online Access: http://eprints.uthm.edu.my/4402/1/AJ%202018%20%28759%29%20A%20review%20of%20digital%20forensics%20methods%20for%20JPEG%20file%20carving.pdf
http://eprints.uthm.edu.my/4402/
Description
Summary: Digital forensics is an important field of cybersecurity and digital crime investigation. It entails applying file recovery methods to analyze data from storage media and extract hidden, deleted or overwritten files. The recovery process might be accompanied by cases of unallocated partitions of blocks or clusters and the absence of file system metadata. These cases entail advanced recovery methods that have carving abilities. The file carving methods include different types of techniques to identify, validate and reassemble the file. This paper presents a comprehensive study of data recovery, file carving, and file reassembling. It focuses on identifying and recovering JPEG images, as this is widely covered in the literature. It classifies the carving techniques into three types: signature-, structure-, and content-based carvers. Subsequently, the paper reviews seven advanced carving methods in the literature. Finally, the paper presents a number of research gaps and concludes with a number of possible improvements. Generally, both the gaps and possible improvements are associated with the fragmentation problem of data files.