Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Standardization of File Recovery Classification and Authentication



Eoghan Casey, Alexander J. Nelson, Jessica Hyde


Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. The root of this problem is a lack of clearly defined software requirements, which compels users and tool testers to make educated guesses and assumptions about how digital forensic tools work. This informal approach results in untested software errors that can result in erroneous decisions, which can have serious consequences in a digital forensic context. To address this problem, this work applies the core forensic processes of classification and authentication to file recovery. Specifically, this work defines a vocabulary for software developers, testers and practitioners to process, present and evaluate results of file recovery operations. This vocabulary can be used by software developers to normalize how file recovery is treated, improving clarity and testability of results, and reducing the chances of misinterpretation. This approach supports tool validation as called for in the international standard ISO/IEC 27041 and required for accreditation under the international standard ISO 17025. This work demonstrates how the vocabulary can be implemented using DFXML, and presents a normalized representation of file recovery results using the evolving Cyber-investigation Analysis Standard Expression (CASE).
Digital Investigation


Digital forensics, Forensic science, Software development, Tool validation, Tool testing, ISO/IEC 27041, ISO/IEC 17025, File recovery, Taxonomy, Standards, SQLite recovery, CASE, DFXML


Casey, E. , Nelson, A. and Hyde, J. (2019), Standardization of File Recovery Classification and Authentication, Digital Investigation, [online],, (Accessed May 19, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created November 30, 2019, Updated October 12, 2021