Extraction of Creation-Time for Recovered Files on Windows FAT32 File System-Reference-Cited by-同舟云学术

Extraction of Creation-Time for Recovered Files on Windows FAT32 File System

Published:2019-12-15 Issue:24 Volume:9 Page:5522
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Lee Wan Yeon,Kim Kyong Hoon,Lee Heejo

Abstract

In this article, we propose a creation order reconstruction method of deleted files for the FAT32 file system with Windows operating systems. Creation order of files is established using a correlation between storage locations of the files and their directory entry locations. This method can be utilized to derive the creation-time bound of files recovered without the creation-time information. In this article, we first examine the file allocation behavior of Windows FAT32 file system. Next, based on the examined behavior, we propose a novel method that finds the creation order of deleted files after being recovered without the creation-time information. Due to complex behaviors of Windows FAT32 file system, the method may find multiple creation orders although the actual creation order is unique. In experiments with a commercial device, we confirm that the actual creation order of each recovered file belongs to one of the creation orders found by the method.

Funder

National Research Foundation of Korea

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/9/24/5522/pdf

Reference29 articles.

1. Video content authentication techniques: a comprehensive survey

2. A Survey on Multimedia File Carving

3. A Survey of Digital Watermarking Techniques for Multimedia Data;Husain;Int. J. Electron. Commun. Eng.,2011

4. Digital video tampering detection: An overview of passive techniques;Kk;Dig. Invest.,2016

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Beyond timestamps: Integrating implicit timing information into digital forensic timelines;Forensic Science International: Digital Investigation;2024-07

2. Research and Implementation of EXFAT File System Reconstruction Algorithm Based on Cluster Size Assumption and Computational Verification;Lecture Notes in Computer Science;2024

3. NULL byte injection;Proceedings of the Twenty-Third International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing;2022-10-03

4. A Scheme of Traceless File Deletion for Windows FAT32 File System;Proceedings of the 2021 ACM International Conference on Intelligent Computing and its Emerging Applications;2021-12-28

5. Automatic reconstruction of deleted AVI video files composed of scattered and corrupted fragments;Multimedia Tools and Applications;2020-08-02