Standardization of File Recovery Classification and Authentication

Author(s)

Eoghan Casey, Alexander J. Nelson, Jessica Hyde

Abstract

Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. The root of this problem is a lack of clearly defined software requirements, which compels users and tool testers to make educated guesses and assumptions about how digital forensic tools work. This informal approach results in untested software errors that can result in erroneous decisions, which can have serious consequences in a digital forensic context. To address this problem, this work applies the core forensic processes of classification and authentication to file recovery. Specifically, this work defines a vocabulary for software developers, testers and practitioners to process, present and evaluate results of file recovery operations. This vocabulary can be used by software developers to normalize how file recovery is treated, improving clarity and testability of results, and reducing the chances of misinterpretation. This approach supports tool validation as called for in the international standard ISO/IEC 27041 and required for accreditation under the international standard ISO 17025. This work demonstrates how the vocabulary can be implemented using DFXML, and presents a normalized representation of file recovery results using the evolving Cyber-investigation Analysis Standard Expression (CASE).

Citation

Digital Investigation

Volume

31

Keywords

Digital forensics, Forensic science, Software development, Tool validation, Tool testing, ISO/IEC 27041, ISO/IEC 17025, File recovery, Taxonomy, Standards, SQLite recovery, CASE, DFXML

Citation

Casey, E., Nelson, A. and Hyde, J. (2019), Standardization of File Recovery Classification and Authentication, Digital Investigation, [online], https://doi.org/10.1016/j.diin.2019.06.004, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927146 (Accessed April 25, 2024)
Created November 30, 2019, Updated October 12, 2021