Yannikos, York ; Winter, Christian (2013)
Model-Based Generation of Synthetic Disk Images for Digital Forensic Tool Testing.
Regensburg, Germany
doi: 10.1109/ARES.2013.65
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Testing digital forensic tools is important to determine relevant tool properties like effectiveness and efficiency. Since many different forensic tool categories exist, different testing techniques and especially suitable test data are required. Considering test data for disk analysis and data recovery tools, synthetic disk images provide significant advantages compared to disk images created from real-world storage devices.
In this work we propose a framework for generating synthetic disk images for testing digital forensic analysis tools. The framework provides functionality for building models of real-world scenarios in which data on a storage device like a hard disk is created, changed, or deleted. Using such a model our framework allows simulating actions specified in the model in order to generate synthetic disk images with realistic characteristics. These disk images can then be used for testing the performance of forensic disk analysis and data recovery tools.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Yannikos, York ; Winter, Christian |
| Art des Eintrags: | Bibliographie |
| Titel: | Model-Based Generation of Synthetic Disk Images for Digital Forensic Tool Testing |
| Sprache: | Englisch |
| Publikationsjahr: | 2013 |
| Verlag: | IEEE Computer Society |
| Buchtitel: | Availability, Reliability and Security (ARES 2013), Eighth International Conference, September 2–6, 2013, Regensburg, Germany |
| Band einer Reihe: | E5008 |
| Veranstaltungsort: | Regensburg, Germany |
| DOI: | 10.1109/ARES.2013.65 |
| Kurzbeschreibung (Abstract): | Testing digital forensic tools is important to determine relevant tool properties like effectiveness and efficiency. Since many different forensic tool categories exist, different testing techniques and especially suitable test data are required. Considering test data for disk analysis and data recovery tools, synthetic disk images provide significant advantages compared to disk images created from real-world storage devices. In this work we propose a framework for generating synthetic disk images for testing digital forensic analysis tools. The framework provides functionality for building models of real-world scenarios in which data on a storage device like a hard disk is created, changed, or deleted. Using such a model our framework allows simulating actions specified in the model in order to generate synthetic disk images with realistic characteristics. These disk images can then be used for testing the performance of forensic disk analysis and data recovery tools. |
| Freie Schlagworte: | Secure Data;Synthetic disk image generation, forensic tool testing, disk analysis tools, Markov chains, model-based simulation |
| ID-Nummer: | TUD-CS-2013-0442 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum