Abstract
Digital devices are increasingly used in crimes, so law enforcement agencies need to be able to investigate and analyze them. Accordingly, there is growing demand for digital forensic technologies that can recover data concealed or deleted by criminals, which is of prime importance. Various digital forensic tools are available for Windows-based systems, but relatively few for Linux-based systems. This paper therefore proposes a deleted file recovery technique for the Ext2/3 filesystem, which is commonly used in Linux. The research involved analysis of the Ext filesystem structure, the file storage structure, and file metadata. The shortcomings of existing methods, and the methods the proposed technique uses to address them, are presented. Further, the performance of the proposed technique is compared with that of the existing methods.
Additional information
This research was supported by the Public Welfare and Safety Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2012M3A2A1051116).
About this article
Cite this article
Lee, S., Shon, T. Improved deleted file recovery technique for Ext2/3 filesystem. J Supercomput 70, 20–30 (2014). https://doi.org/10.1007/s11227-014-1282-y
DOI: https://doi.org/10.1007/s11227-014-1282-y