Comments on the Linux FAT32 allocator and file creation order reconstruction [Digit Investig 11(4), 224

Artigo

Comments on the Linux FAT32 allocator and file creation order reconstruction [Digit Investig 11(4), 224–233]

2015; Elsevier BV; Volume: 15; Linguagem: Inglês

10.1016/j.diin.2015.09.003

ISSN

1873-202X

Autores

Wan Yeon Lee, Hyuckmin Kwon, Heejo Lee,

Tópico(s)

Digital Image Processing Techniques

Resumo

Minnaard proposed a novel method that constructs a creation time bound of files recovered without time information. The method exploits a relationship between the creation order of files and their locations on a storage device managed with the Linux FAT32 file system. This creation order reconstruction method is valid only in non-wraparound situations, where the file creation time in a former position is earlier than that in a latter position. In this article, we show that if the Linux FAT32 file allocator traverses the storage space more than once, the creation time of a recovered file is possibly earlier than that of a former file and possibly later than that of a latter file on the Linux FAT32 file system. Also it is analytically verified that there are at most n candidates for the creation time bound of each recovered file where n is the number of traversals by the file allocator. Our analysis is evaluated by examining file allocation patterns of two commercial in-car dashboard cameras.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Comments on the Linux FAT32 allocator and file creation order reconstruction [Digit Investig 11(4), 224–233]