An effective and efficient testing methodology for correctness testing for file recovery tools

We hereby develop an effective and efficient testing methodology for correctness testing for file recovery tools across different file systems. We assume that the tool tester is familiar with the formats of common file types and has the ability to use the tools correctly. Our methodology first derives a testing plan to minimize the number of runs required to identify the differences in tools with respect to correctness. We also present a case study on correctness testing for file carving tools, which allows us to confirm that the number of necessary testing runs is bounded and our results are statistically sound. <br /

Using multiple GPUs to accelerate string searching for digital forensic analysis

String searching within a large corpus of data is an important component of digital forensic (DF) analysis techniques such as file carving. The continuing increase in capacity of consumer storage devices requires corresponding im-provements to the performance of string searching techniques. As string search-ing is a trivially-parallelisable problem, GPGPU approaches are a natural fit – but previous studies have found that local storage presents an insurmountable performance bottleneck. We show that this need not be the case with modern hardware, and demonstrate substantial performance improvements from the use of single and multiple GPUs when searching for strings within a typical forensic disk image

OpenForensics:a digital forensics GPU pattern matching approach for the 21st century

Pattern matching is a crucial component employed in many digital forensic (DF) analysis techniques, such as file-carving. The capacity of storage available on modern consumer devices has increased substantially in the past century, making pattern matching approaches of current generation DF tools increasingly ineffective in performing timely analyses on data seized in a DF investigation. As pattern matching is a trivally parallelisable problem, general purpose programming on graphic processing units (GPGPU) is a natural fit for this problem. This paper presents a pattern matching framework - OpenForensics - that demonstrates substantial performance improvements from the use of modern parallelisable algorithms and graphic processing units (GPUs) to search for patterns within forensic images and local storage devices

Maintenance management process model for school buildings: an application of IDEF0 modelling methodology

The lack of a clear understanding of the maintenance management process is one of the major sources of difficulties in the maintenance of school buildings. A clearer understanding of the maintenance management process can be achieved by constructing a process model of the existing practices using a suitable process modelling technique. The purpose of this study was to develop a process model for the management of maintenance of school buildings using the IDEF0 structured modelling technique. The modelling process is divided into three phases, (i) the information gathering phase, (ii) the model development phase and (ii) the experts' evaluation and validation phase. In the first phase, information on existing maintenance practices was obtained through questionnaires and document analysis of policies, standing orders and maintenance reports. In the second phase, a process model was drafted through an iterative process using the IDEF0 process modelling technique. In the third phase, the draft process model was submitted to three experts on maintenance management from the Ministry of Education Malaysia for evaluation and validation. A ready to implement process model for the maintenance management of school buildings was constructed upon validation by the experts

Development of a micro-extruder with vibration mode for microencapsulation of human keratinocytes in calcium alginate

Microencapsulation is a promising technique to form microtissues. The existing cell microencapsulation technologies that involved extrusion and vibration are designed with complex systems and required the use of high energy. A micro-extruder with an inclusion of simple vibrator that has the commercial value for creating a 3D cell model has been developed in this work. This system encapsulates human keratinocytes (HaCaT) in calcium alginate and the size of the microcapsules is controllable in the range of 500-800 µm by varying the flow rates of the extruded solution and frequency of the vibrator motor ( I 0-63 Hz). At 0.13 ml/min of flow rate and vibration rate of 26.4 Hz, approximately 40 ± IO pieces of the alginate microcapsules in a size 632.14 ± I 0.35 µm were produced. Approximately I 00 µm suspension of cells at different cells densities of 1.55 x I 05 cells/ml and 1.37 x I 07 cells/ml were encapsulated for investigation of microtissues formation. Fourier transform infrared spectroscopy (FTIR) analysis showed the different functional groups and chemistry contents of the calcium alginate with and without the inclusion of HaCaT cells in comparison to the monolayers of HaCaT cells. From Field Emission Scanning Electron Microscope (FESEM) imaging, calcium alginate microcapsules were characterised by spherical shape and homogenous surface morphology. Via the nuclei staining, the distance between cells was found reduced as the incubation period increased. This indicated that the cells merged into microtissues with good cell-cell adhesions. After 15 days of culture, the cells were still viable as indicated by the fluorescence green expression of calcein­acetoxymethyl. Replating experiment indicated that the cells from the microtissues were able to migrate and has the tendency to form monolayer of cells on the culture flask. The system was successfully developed and applied to encapsulate cells to produce 3D microtissues

Development of a micro-extruder with vibration mode for microencapsulation of human keratinocytes in calcium alginate

Microencapsulation is a promising technique to form microtissues. The existing cell microencapsulation technologies that involved extrusion and vibration are designed with complex systems and required the use of high energy. A micro-extruder with an inclusion of simple vibrator that has the commercial value for creating a 3D cell model has been developed in this work. This system encapsulates human keratinocytes (HaCaT) in calcium alginate and the size of the microcapsules is controllable in the range of 500-800 µm by varying the flow rates of the extruded solution and frequency of the vibrator motor ( I 0-63 Hz). At 0.13 ml/min of flow rate and vibration rate of 26.4 Hz, approximately 40 ± IO pieces of the alginate microcapsules in a size 632.14 ± I 0.35 µm were produced. Approximately I 00 µm suspension of cells at different cells densities of 1.55 x I 05 cells/ml and 1.37 x I 07 cells/ml were encapsulated for investigation of microtissues formation. Fourier transform infrared spectroscopy (FTIR) analysis showed the different functional groups and chemistry contents of the calcium alginate with and without the inclusion of HaCaT cells in comparison to the monolayers of HaCaT cells. From Field Emission Scanning Electron Microscope (FESEM) imaging, calcium alginate microcapsules were characterised by spherical shape and homogenous surface morphology. Via the nuclei staining, the distance between cells was found reduced as the incubation period increased. This indicated that the cells merged into microtissues with good cell-cell adhesions. After 15 days of culture, the cells were still viable as indicated by the fluorescence green expression of calcein­acetoxymethyl. Replating experiment indicated that the cells from the microtissues were able to migrate and has the tendency to form monolayer of cells on the culture flask. The system was successfully developed and applied to encapsulate cells to produce 3D microtissues

Using open source forensic carving tools on split dd and EWF files.

This study tests a number of open source forensic carving tools to determine their viability when run across split raw forensic images (dd) and Expert Witness Compression Format (EWF) images. This is done by carving files from a raw dd file to determine the baseline before running each tool over the different image types and analysing the results. A framework is then written in python to allow Scalpel to be run across any split dd image, whilst simultaneously concatenating the carved files and sorting by file type. This study tests the framework on a number of scenarios and concludes that this is an effective method of carving files using Scalpel over split dd images

Advanced Techniques for Improving the Efficacy of Digital Forensics Investigations

Digital forensics is the science concerned with discovering, preserving, and analyzing evidence on digital devices. The intent is to be able to determine what events have taken place, when they occurred, who performed them, and how they were performed. In order for an investigation to be effective, it must exhibit several characteristics. The results produced must be reliable, or else the theory of events based on the results will be flawed. The investigation must be comprehensive, meaning that it must analyze all targets which may contain evidence of forensic interest. Since any investigation must be performed within the constraints of available time, storage, manpower, and computation, investigative techniques must be efficient. Finally, an investigation must provide a coherent view of the events under question using the evidence gathered. Unfortunately the set of currently available tools and techniques used in digital forensic investigations does a poor job of supporting these characteristics. Many tools used contain bugs which generate inaccurate results; there are many types of devices and data for which no analysis techniques exist; most existing tools are woefully inefficient, failing to take advantage of modern hardware; and the task of aggregating data into a coherent picture of events is largely left to the investigator to perform manually. To remedy this situation, we developed a set of techniques to facilitate more effective investigations. To improve reliability, we developed the Forensic Discovery Auditing Module, a mechanism for auditing and enforcing controls on accesses to evidence. To improve comprehensiveness, we developed ramparser, a tool for deep parsing of Linux RAM images, which provides previously inaccessible data on the live state of a machine. To improve efficiency, we developed a set of performance optimizations, and applied them to the Scalpel file carver, creating order of magnitude improvements to processing speed and storage requirements. Last, to facilitate more coherent investigations, we developed the Forensic Automated Coherence Engine, which generates a high-level view of a system from the data generated by low-level forensics tools. Together, these techniques significantly improve the effectiveness of digital forensic investigations conducted using them

Analysis of File Carving Approaches : A Literature Review

Home Advances in Cyber Security Conference paper Analysis of File Carving Approaches: A Literature Review Nor Ika Shahirah Ramli, Syifak Izhar Hisham & Gran Badshah Conference paper First Online: 01 January 2022 1262 Accesses 2 Citations Part of the Communications in Computer and Information Science book series (CCIS,volume 1487) Abstract Digital forensics is a crucial process of identifying, conserving, retrieving, evaluating, and documenting digital evidence obtained on computers and other electronic devices. Data restoration and analysis on file systems is one of digital forensic science’s most fundamental practices. There is a lot of research being done in developing file carving approaches and different researches focused on different aspects. With the increasing numbers of literature that are covering this research area, there is a need to review this literature for further reference. A review is carried out reviewing different works of literature covering various aspects of carving approaches from multiple digital data sources including IEEE Xplore, Google Scholar, Web of Science, etc. This analysis is done to consider several perspectives which are the current research direction of the file carving approach, the classification for the file carving approaches, and also the challenges are to be highlighted. Based on the analysis, we are able to state the current state of the art of file carving. We classify the carving approach into five classifications which are general carving, carving by specific file type, carving by structure, carving by the file system, and carving by fragmentation. We are also able to highlight several of the challenges for file carving mentioned in the past research. This study will serve as a reference for scientists to evaluate different strategies and obstacles for carving so that they may choose the suitable carving approaches for their study and also future developments