ctrlnum article-8230
fullrecord <?xml version="1.0"?> <dc schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd"><title lang="en-US">File Reconstruction in Digital Forensic</title><creator>Sitompul, Opim Salim; Universitas Sumatera Utara</creator><creator>Handoko, Andrew; Universitas Sumatera Utara</creator><creator>Rahmat, Romi Fadillah; Universitas Sumatera Utara</creator><subject lang="en-US">digital forensic; file undelete; file recovery; Aho-Corasick algorithm; finite state automata;</subject><description lang="en-US">File recovery is one of the stages in the computer forensic investigative process to identify an acquired file to be used as digital evidence. The recovery is performed on files that have been deleted from a file system. However, in order to recover a deleted file, some considerations should be taken into account. A deleted file is potentially modified from its original condition because another file might have either partly or entirely overwritten the file content. A typical approach to recovering a deleted file is to apply the Boyer-Moore algorithm, which has rather high time complexity in terms of string searching. Therefore, a better string matching approach for recovering deleted files is required. We propose an Aho-Corasick parsing technique to read file attributes from the master file table (MFT) in order to examine the file condition. If the file was deleted, then the parser searches the file content in order to reconstruct the file. Experiments were conducted using several file modifications, such as 0% (unmodified), 18.98%, 32.21% and 9.77%. From the experimental results we found that the file reconstruction process on the file system was performed successfully. 
The average success rate for the file recovery from four experiments on each modification was 87.50%, and the average time for the string matching process on searching file names was 0.32 seconds.</description><publisher lang="en-US">Universitas Ahmad Dahlan</publisher><contributor lang="en-US">Lembaga Penelitian, Universitas Sumatera Utara</contributor><date>2018-04-01</date><type>Journal:Article</type><type>Other:info:eu-repo/semantics/publishedVersion</type><type>Other:</type><type>File:application/pdf</type><identifier>http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/8230</identifier><identifier>10.12928/telkomnika.v16i2.8230</identifier><source lang="en-US">TELKOMNIKA (Telecommunication Computing Electronics and Control); Vol 16, No 2: April 2018; 776-794</source><source>2302-9293</source><source>1693-6930</source><source>10.12928/telkomnika.v16i2</source><language>eng</language><relation>http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/8230/pdf_660</relation><rights lang="0">Copyright (c) 2018 Universitas Ahmad Dahlan</rights><rights lang="0">http://creativecommons.org/licenses/by-nc-nd/4.0</rights><recordID>article-8230</recordID></dc>
language eng
format Journal:Article
Journal
Other:info:eu-repo/semantics/publishedVersion
Other
Other:
File:application/pdf
File
Journal:eJournal
author Sitompul, Opim Salim; Universitas Sumatera Utara
Handoko, Andrew; Universitas Sumatera Utara
Rahmat, Romi Fadillah; Universitas Sumatera Utara
author2 Lembaga Penelitian, Universitas Sumatera Utara
title File Reconstruction in Digital Forensic
publisher Universitas Ahmad Dahlan
publishDate 2018
topic digital forensic
file undelete
file recovery
Aho-Corasick algorithm
finite state automata
url http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/8230
http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/8230/pdf_660
contents File recovery is one of the stages in the computer forensic investigative process to identify an acquired file to be used as digital evidence. The recovery is performed on files that have been deleted from a file system. However, in order to recover a deleted file, some considerations should be taken into account. A deleted file is potentially modified from its original condition because another file might have either partly or entirely overwritten the file content. A typical approach to recovering a deleted file is to apply the Boyer-Moore algorithm, which has rather high time complexity in terms of string searching. Therefore, a better string matching approach for recovering deleted files is required. We propose an Aho-Corasick parsing technique to read file attributes from the master file table (MFT) in order to examine the file condition. If the file was deleted, then the parser searches the file content in order to reconstruct the file. Experiments were conducted using several file modifications, such as 0% (unmodified), 18.98%, 32.21% and 9.77%. From the experimental results we found that the file reconstruction process on the file system was performed successfully. The average success rate for the file recovery from four experiments on each modification was 87.50%, and the average time for the string matching process on searching file names was 0.32 seconds.
id IOS2608.article-8230
institution Universitas Ahmad Dahlan
institution_id 62
institution_type library:university
library
library Perpustakaan Universitas Ahmad Dahlan
library_id 467
collection TELKOMNIKA Telecommunication, Computing, Electronics and Control
repository_id 2608
subject_area Engineering
Computer Programs and Information Technology
city KOTA YOGYAKARTA
province DAERAH ISTIMEWA YOGYAKARTA
repoId IOS2608
first_indexed 2018-01-31T22:30:15Z
last_indexed 2019-05-04T23:35:30Z
recordtype dc
merged_child_boolean 1
_version_ 1722532504530845696
score 17.203503