Digital Evidence and Computer Crime
Digital Evidence and Computer Crime
A hierarchical, objectives-based framework for the digital investigations process
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Recent advances and future directions in multimedia and mobile computing
Multimedia Tools and Applications
| Hi-index | 0.00 |
In digital forensic, evidence images are stored on the disk by a forensic tool. However, the stored images can be damaged due to unexpected internal and external electromagnetic effects. Existing forensic tools only provide integrity and authenticity of the evidence images by utilizing legacy cryptographic methods, i.e., applying hash values and digital signatures. Accordingly, such integrity and authenticity applied to those evidence images can be easily corrupted when the disk is damaged. In this paper, we focus on such limitations of the existing forensic tools and introduce a new scheme that can recover and protect the evidence images on the disk. Specifically, evidence images are divided into blocks; linkage relations between those blocks are formed; and a meta-block is applied to restore the damaged blocks. Blocks in the damaged areas detected using CRC information are subject to a multi-dimensional block operation for recovery of damaged blocks and protection for evidence images.