Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ITCC
2005
IEEE
2005
IEEE
Byteprints: A Tool to Gather Digital Evidence
In this paper, we present techniques to recover useful information from disk drives that are used to store user data. The main idea is to use a logging mechanism to record the modifications to each disk block, and then employ fast algorithms to reconstruct the contents of a file (or a directory) as it existed sometime in the past. Such a consistent snapshot of a file may be used to determine whether a given file ever existed on disk, to undelete a file that was deleted long ago, or to obtain a timeline of activities on a file. This can also be used to validate that a file with given contents existed at some time in the past or to refute a claim that a file existed in a time interval. Information gathered using these consistent snapshots can be used as valuable digital evidence.
Real-time Traffic| Added | 25 Jun 2010 |
| Updated | 25 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ITCC |
| Authors | Sriranjani Sitaraman, Srinivasan Krishnamurthy, Subbarayan Venkatesan |
Comments (0)
Researcher Info
|
