Difference between revisions of "Main Page"

From ForensicsWiki
(archived Linux article)
m
Line 11: Line 11:
  
 
<!-- ARTICLE GOES HERE -->
 
<!-- ARTICLE GOES HERE -->
<small>December-2009</small>
+
<small>JAN-2010</small>
;'''[http://blogs.sans.org/computer-forensics/2009/02/04/what-happens-when-you-overwrite-data/ What happens when you overwrite data?]'''.
+
[http://hal.archives-ouvertes.fr/docs/00/35/09/62/PDF/ColDanDauDef09.pdf Using Graphics Processors for Parallelizing Hash-based Data Carving],  by Sylvain Collange, Marc Daumas, Yoginder S. Dandass, and David Defour, Proceedings of the 42nd Hawaii International Conference on System Sciences - 2009.  
Data recovery Craig S. Wright explores what happens when you try to cover overwritten data using high-quality scientific equipment. His conclusion: "The values do not tell you what existed on the drive prior to the wipe; they just allow you to make a guess, bit by bit. Each time you guess, you compound the error. As recovering a single bit value has little if any forensic value, you soon find that the cumulative errors render any recovered data worthless."
+
 
 +
Abstract
 +
 
 +
The ability to detect fragments of deleted image files and to reconstruct these image files from all available fragments on disk is a key activity in the field of digital forensics. Although reconstruction of image files from the file fragments on disk can be accomplished by simply comparing the content of sectors on disk with the content of known files, this brute-force approach can be time consuming.
 +
 
 +
This paper presents results from research into the use of Graphics Processing Units (GPUs) in detecting specific image file byte patterns in disk clusters. Unique identifying pattern for each disk sector is compared against patterns in known images. A pattern match indicates the potential presence of an image and flags the disk sector for further in-depth examination to confirm the match. The GPU-based implementation outperforms the software implementation by a significant margin.
 
<!--END OF ARTICLE-->
 
<!--END OF ARTICLE-->
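Review bot: The added entry drops the title markup that the replaced entry used. The removed line wrapped its link as `;'''[... What happens when you overwrite data?]'''`, while the added line is a bare `[... Using Graphics Processors for Parallelizing Hash-based Data Carving],` followed directly by the author list, so the featured title will no longer render as a bold definition term like earlier selections. Suggest keeping the `;'''[...]'''` form for the title and moving the authors and venue to the following line. The date label also changes style in the same edit, from `<small>December-2009</small>` to `<small>JAN-2010</small>`; pick one format so the archive of past selections stays consistent.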
  

Revision as of 02:49, 13 January 2010

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 719 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


Selected Forensics Research

JAN-2010 Using Graphics Processors for Parallelizing Hash-based Data Carving, by Sylvain Collange, Marc Daumas, Yoginder S. Dandass, and David Defour, Proceedings of the 42nd Hawaii International Conference on System Sciences - 2009.

Abstract

The ability to detect fragments of deleted image files and to reconstruct these image files from all available fragments on disk is a key activity in the field of digital forensics. Although reconstruction of image files from the file fragments on disk can be accomplished by simply comparing the content of sectors on disk with the content of known files, this brute-force approach can be time consuming.

This paper presents results from research into the use of Graphics Processing Units (GPUs) in detecting specific image file byte patterns in disk clusters. Unique identifying pattern for each disk sector is compared against patterns in known images. A pattern match indicates the potential presence of an image and flags the disk sector for further in-depth examination to confirm the match. The GPU-based implementation outperforms the software implementation by a significant margin.


(Past selected articles are archived here.)


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.