A Forensic Model on Deleted-File Verification for Securing Digital Evidence

Abstract

The computer forensic technique that analyzes the file hidden in the computer or the file information of Windows has been widely used for the criminal check. However, these techniques had the different problems to be presented as the legal resources. The forensic viewpoint has 5 digital evidence principles such as legitimacy, identity, connectivity, speediness, integrity. This thesis is focused on the principle of connectivity. The principle of connectivity so far insisted the evidential connectivity of media, the Chain of Custody, but the research on the connectivity principle of file is not yet made. This thesis analyzed the cause of deleted file, and developed the best model. Also, it used the developed analysis technique to produce the respective model and the case for the precision of model, and applied the model to the case in order to experiment the precision detected. The detection model presented by this thesis will be the important judgmental data for the reliable evidence forensic.