{"title":"基于元数据的删除文件恢复(DFR)工具是否符合NIST指南?","authors":"Andrew Meyer, Sankardas Roy","doi":"10.4108/eai.13-7-2018.163091","DOIUrl":null,"url":null,"abstract":"Digital forensics (DF) tools are used for post-mortem investigation of cyber-crimes. CFTT (Computer Forensics Tool Testing) Program at National Institute of Standards and Technology (NIST) has defined expectations for a DF tool’s behavior. Understanding these expectations and how DF tools work is critical for ensuring integrity of the forensic analysis results. In this paper, we consider standardization of one class of DF tools which are for Deleted File Recovery (DFR). We design a list of canonical test file system images to evaluate a DFR tool. Via extensive experiments we find that many popular DFR tools do not satisfy some of the standards, and we compile a comparative analysis of these tools, which could help the user choose the right tool. Furthermore, one of our research questions identifies the factors which make a DFR tool fail. Moreover, we also provide critique on applicability of the standards. Our findings is likely to trigger more research on compliance of standards from the researcher community as well as the practitioners.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Do Metadata-based Deleted-File-Recovery (DFR) Tools Meet NIST Guidelines?\",\"authors\":\"Andrew Meyer, Sankardas Roy\",\"doi\":\"10.4108/eai.13-7-2018.163091\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Digital forensics (DF) tools are used for post-mortem investigation of cyber-crimes. CFTT (Computer Forensics Tool Testing) Program at National Institute of Standards and Technology (NIST) has defined expectations for a DF tool’s behavior. Understanding these expectations and how DF tools work is critical for ensuring integrity of the forensic analysis results. In this paper, we consider standardization of one class of DF tools which are for Deleted File Recovery (DFR). We design a list of canonical test file system images to evaluate a DFR tool. Via extensive experiments we find that many popular DFR tools do not satisfy some of the standards, and we compile a comparative analysis of these tools, which could help the user choose the right tool. Furthermore, one of our research questions identifies the factors which make a DFR tool fail. Moreover, we also provide critique on applicability of the standards. Our findings is likely to trigger more research on compliance of standards from the researcher community as well as the practitioners.\",\"PeriodicalId\":335727,\"journal\":{\"name\":\"EAI Endorsed Trans. Security Safety\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EAI Endorsed Trans. Security Safety\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/eai.13-7-2018.163091\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.13-7-2018.163091","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Do Metadata-based Deleted-File-Recovery (DFR) Tools Meet NIST Guidelines?
Digital forensics (DF) tools are used for post-mortem investigation of cyber-crimes. CFTT (Computer Forensics Tool Testing) Program at National Institute of Standards and Technology (NIST) has defined expectations for a DF tool’s behavior. Understanding these expectations and how DF tools work is critical for ensuring integrity of the forensic analysis results. In this paper, we consider standardization of one class of DF tools which are for Deleted File Recovery (DFR). We design a list of canonical test file system images to evaluate a DFR tool. Via extensive experiments we find that many popular DFR tools do not satisfy some of the standards, and we compile a comparative analysis of these tools, which could help the user choose the right tool. Furthermore, one of our research questions identifies the factors which make a DFR tool fail. Moreover, we also provide critique on applicability of the standards. Our findings is likely to trigger more research on compliance of standards from the researcher community as well as the practitioners.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
