Using a forensic imager to produce a copy of the storage is a common practice. Due to the large volumes of the modern disks, the imaging may impose severe time overhead which ultimately delays the investigation process. We proposed automated disk analysis techniques that precisely identify regions on the disk that contain data. We also developed a high performance imager that produces AFFv3 images at rates exceeding 300MB/s. Using multiple disk analysis strategies we can analyze a disk within a few minutes and yet reduce the imaging time of by many hours. Partial AFFv3 images produced by our imager can be analyzed by existing digital forensics tools, which makes our approach to be easily incorporated into the workflow of practicing forensics investigators. The proposed approach renders feasible in the forensic environments where the time is critical constraint, as it provides significant performance boost, which facilitates faster investigation turnaround times and reduces case backlogs.
| Identifer | oai:union.ndltd.org:uno.edu/oai:scholarworks.uno.edu:td-3333 |
| Date | 11 August 2016 |
| Creators | gorbov, sergey |
| Publisher | ScholarWorks@UNO |
| Source Sets | University of New Orleans |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | University of New Orleans Theses and Dissertations |
| Rights | http://creativecommons.org/licenses/by/4.0/ |
Page generated in 0.002 seconds