Computer Forensics Research and Implementation Based on FAT32 File System
2009; East China Computer Technology Research Institute; Linguagem: Inglês
ISSN
1000-3428
Autores Tópico(s)Advanced Malware Detection Techniques
ResumoAiming at on FAT32 file system,this paper emphasizes to analyze scattered fragments of disk files,and proposes a model of reassembling deleted file fragments based on PPMC algorithm.Employed Prediction by Partial Matching(PPM) is used to build a context model and compute candidate probabilities of the possible adjacency of two document fragments,and pruning technology is adopted to process gradually and reassemble a complete file.It also analyzes the hidden file named index.dat in the system.
Referência(s)