Approved for public release, distribution is unlimited / Disc carving is an essential element of computer forensic analysis. However the high cost of commercial solutions coupled with the lack of availability of open source tools to perform disc analysis has become a hindrance to those performing analysis on UNIX computers. In addition even expensive commercial products offer only a fairly limited ability to "carve" for various files. In this thesis, an open source tool known as Foremost is modified in such a way as to address the need for such a carving tool in a UNIX environment. An implementation of various heuristics for recognizing file formats will be demonstrated as well as the ability to provide some file system specific support. As a result of these implementations a revision of Foremost will be provided that will be made available as an open source tool to aid analysts in their forensic investigations. / Civilian, Federal Cyber Corps
| Identifer | oai:union.ndltd.org:nps.edu/oai:calhoun.nps.edu:10945/2219 |
| Date | 03 1900 |
| Creators | Mikus, Nicholas A. |
| Contributors | Eagle, Christopher S., Dinolt, George, Naval Postgraduate School, Department of Computer Science |
| Publisher | Monterey, California. Naval Postgraduate School |
| Source Sets | Naval Postgraduate School |
| Detected Language | English |
| Type | Thesis |
| Format | xiv, 143 p. : ill., application/pdf |
| Rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted. |
Page generated in 0.0016 seconds