Domain-Specific optimization in digital forensics

Authors:
Jeroen van den Bos;Tijs van der Storm
Affiliations:
Centrum Wiskunde & Informatica, Amsterdam, The Netherlands,Netherlands Forensic Institute, Den Haag, The Netherlands;Centrum Wiskunde & Informatica, Amsterdam, The Netherlands
Venue:
ICMT'12 Proceedings of the 5th international conference on Theory and Practice of Model Transformations
Year:
2012

Citing 12
Cited 1

Generative programming: methods, tools, and applications

Generative programming: methods, tools, and applications
Source code transformation based on software cost analysis

Proceedings of the 14th international symposium on Systems synthesis
Guest Editor's Introduction: Model-Driven Engineering

Computer
When and how to develop domain-specific languages

ACM Computing Surveys (CSUR)
Compilers: Principles, Techniques, and Tools (2nd Edition)

Compilers: Principles, Techniques, and Tools (2nd Edition)
RASCAL: A Domain Specific Language for Source Code Analysis and Manipulation

SCAM '09 Proceedings of the 2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation
Bringing domain-specific languages to digital forensics

Proceedings of the 33rd International Conference on Software Engineering
Towards an Engineering Approach to File Carver Construction

COMPSACW '11 Proceedings of the 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops
Model driven engineering: an emerging technical space

GTTSE'05 Proceedings of the 2005 international conference on Generative and Transformational Techniques in Software Engineering
Carving contiguous and fragmented files with fast object validation

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Digital forensics research: The next 10 years

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Advanced carving techniques

Digital Investigation: The International Journal of Digital Forensics & Incident Response

A case study in evidence-based DSL evolution

ECMFA'13 Proceedings of the 9th European conference on Modelling Foundations and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

File carvers are forensic software tools used to recover data from storage devices in order to find evidence. Every legal case requires different trade-offs between precision and runtime performance. The resulting required changes to the software tools are performed manually and under the strictest deadlines. In this paper we present a model-driven approach to file carver development that enables these trade-offs to be automated. By transforming high-level file format specifications into approximations that are more permissive, forensic investigators can trade precision for performance, without having to change source. Our study shows that performance gains up to a factor of three can be achieved, at the expense of up to 8% in precision and 5% in recall.