Advanced file carving: ontology, models and methods

Q3 Computer Science
Maksym Boiko, Viacheslav Moskalenko, Oksana Shovkoplias
Journal: Radioelectronic and Computer Systems
Publication date: 2023-09-29
DOI: 10.32620/reks.2023.3.16 (https://doi.org/10.32620/reks.2023.3.16)
Citations: 0

Abstract

File carving techniques are important in the field of digital forensics. At the same time, the rapid growth in the amount and types of data requires the development of file carving methods in terms of capabilities, accuracy, and computational efficiency. However, most of the methods are developed to solve specific tasks and are based on a certain set of assumptions and a priori knowledge about the files to be recovered. There is a lack of research that systematizes methods and structures approaches to identify gaps and determine promising directions for development, considering the latest advances in information technology and artificial intelligence. The subject matter of this article is the structure, factors, efficiency criteria, methods, and tools of file carving, as well as the current state and development trends of file carving methods. The goal of this study is to systematize knowledge about advanced file carving methods and identify promising directions for their development. The tasks to be solved are as follows: to identify the main stages of file carving and analyze approaches to their implementation; to build an ontological scheme of file carving; and to identify promising directions for the development of carving methods. The methods used were literature review, systematization, and summarization. The obtained results are as follows. An ontological scheme for the file carving concept is constructed. The scheme includes the principles, properties, phases, techniques, evaluation criteria, tools used, and factors influencing file carving. The features, limitations, and fields of application of the data recovery methods are provided. It was established that the most widespread approach to file reconstruction is still a detailed manual analysis of the internal structure of files and/or their contents, identifying specific patterns that allow reassembling the sequence of data fragments in the correct order. However, most of the methods do not provide one hundred percent guaranteed results. This article analyzes the current state and prospects of using artificial intelligence methods in the field of digital forensics, particularly for identifying data blocks, clustering, and reconstructing files, as well as restoring the contents of media files with damaged or lost headers. The necessity of having a priori information about the file structure or content for successfully carving fragmented data is determined. Conclusions. The scientific novelty of the obtained results is as follows: for the first time, advanced file carving methods are systematized and analyzed by directions of development and the prospects of using artificial intelligence for identifying data blocks, clustering, and file content restoration; for the first time, an ontological scheme of file carving is constructed, which can be used as a roadmap for developing new advanced systems in the digital forensics field.
Source journal: Radioelectronic and Computer Systems
Subject area: Computer Science, Computer Graphics and Computer-Aided Design
CiteScore: 3.60
Self-citation rate: 0.00%
Articles published: 50
Review time: 2 weeks