Forensic Science International-Digital Investigation最新文献_第4页

Hey GPT-OSS, looks like you got it – Now walk me through it! An assessment of the reasoning language models chain of thought process for digital forensics 嘿，GPT-OSS，看起来你搞定了-现在告诉我！对数字取证的推理语言模型思维过程链的评估

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2026-03-01 Epub Date: 2026-03-24 DOI: 10.1016/j.fsidi.2026.302052

Gaëtan Michelet, Janine Schneider, Aruna Withanage, Frank Breitinger

{"title":"Hey GPT-OSS, looks like you got it – Now walk me through it! An assessment of the reasoning language models chain of thought process for digital forensics","authors":"Gaëtan Michelet, Janine Schneider, Aruna Withanage, Frank Breitinger","doi":"10.1016/j.fsidi.2026.302052","DOIUrl":"10.1016/j.fsidi.2026.302052","url":null,"abstract":"<div><div>Large language models (LLMs), including systems such as ChatGPT, are increasingly examined for their role in digital forensics. Current research not only surveys their potential applications but also investigates how fine-tuning and model adaptation can enhance performance on specialized forensic tasks. However, the understandability and interpretability of the results (outputs) reduce their operational and legal usability. Recently, a new class of reasoning language models has emerged, designed to handle logic-based tasks through an ‘internal reasoning’ mechanism. Yet, users typically only see the final answer, not the underlying reasoning. One of these reasoning models is gpt-oss, which can be deployed locally, providing full access to its underlying reasoning process. This article presents the first investigation into the potential of reasoning language models for digital forensics. Four test use cases are examined to assess the usability of the reasoning component in supporting results understandability. The evaluation combines a new quantitative metric with qualitative analysis. Findings show that the reasoning component aids in understanding, interpreting, and validating LLM outputs in digital forensics at medium reasoning levels, but the support is often limited, and higher reasoning levels do not enhance response quality.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"56 ","pages":"Article 302052"},"PeriodicalIF":2.2,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147554640","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Inside the black box: In-depth analysis of geolocation mechanisms in android mobile devices 黑盒子内部：深入分析android移动设备中的地理定位机制

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2026-03-01 Epub Date: 2026-03-24 DOI: 10.1016/j.fsidi.2026.302046

Samuele Mombelli, Thomas R. Souvignet

{"title":"Inside the black box: In-depth analysis of geolocation mechanisms in android mobile devices","authors":"Samuele Mombelli, Thomas R. Souvignet","doi":"10.1016/j.fsidi.2026.302046","DOIUrl":"10.1016/j.fsidi.2026.302046","url":null,"abstract":"<div><div>Geolocation traces extracted from mobile devices are increasingly used as critical evidence in forensic investigations, offering insights into user activity and physical presence. Yet, the opaque nature of geolocation processes—especially those relying on proprietary components—creates major challenges in assessing their provenance, accuracy, and reliability, and increases the risk of misinterpretation. This work investigates the internal mechanisms implemented by Android's Fused Location Provider (FLP)—the core geolocation framework used by most Android devices today—through reverse engineering, dynamic testing and forensic analysis. It details how multiple sources of location data are fused into location fixes, and how contextual parameters influence geolocation calculations. The study also uncovers a set of previously undocumented local traces of geolocation activity, analyzing their structure, persistence, and forensic potential. Our findings highlight the complexity and adaptive nature of Android's geolocation system and provide a technical foundation for the forensic interpretation of geolocation traces on Android devices.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"56 ","pages":"Article 302046"},"PeriodicalIF":2.2,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147554641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

DroPTC: Sentence-level drone flight log forensics using contrastive learning and explainable AI DroPTC：句子级无人机飞行日志取证使用对比学习和可解释的人工智能

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2026-03-01 Epub Date: 2026-03-24 DOI: 10.1016/j.fsidi.2026.302051

Swardiantara Silalahi , Tohari Ahmad , Hudan Studiawan , Frank Breitinger

{"title":"DroPTC: Sentence-level drone flight log forensics using contrastive learning and explainable AI","authors":"Swardiantara Silalahi , Tohari Ahmad , Hudan Studiawan , Frank Breitinger","doi":"10.1016/j.fsidi.2026.302051","DOIUrl":"10.1016/j.fsidi.2026.302051","url":null,"abstract":"<div><div>Unmanned Aerial Vehicles (UAVs), commonly known as drones, are increasingly deployed across diverse application domains, raising critical challenges for digital forensic investigation following safety incidents and system failures. In drone investigations, systematic analysis of flight logs is essential for reconstructing events, identifying root causes, and supporting reliable incident attribution and risk mitigation. Because a message may contain multiple sentences, message-level analysis cannot precisely pinpoint which log segment indicates a problem. Therefore, this paper proposes DroPTC (<strong>Dro</strong>ne <strong>P</strong>roblem <strong>T</strong>ype <strong>C</strong>lassifier), an end-to-end framework to identify and classify problems at the sentence level. A rule-based segmenter is designed to segment log messages into sentences based on historical log characteristics. Using the resulting log sentences, a pre-trained embedding is fine-tuned using contrastive learning for semantic alignment. The integrated gradient is employed to enhance the model's interpretability, enabling admissible and trustworthy analysis. Sentence deduplication is utilized to identify unique log events, thereby reducing the analyst workload. Quantitative and qualitative analysis of the experimental results show that DroPTC outperforms the baselines in three aspects: performance, trustworthiness, and efficiency. This paper also presents a working open-source tool as the tested implementation of the proposed framework. The tool accepts the decrypted flight log file and produces a forensic report in HTML and PDF format.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"56 ","pages":"Article 302051"},"PeriodicalIF":2.2,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147554639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Needle in a case: Scalable search over large-scale image corpora in forensic applications 案件中的针：在法医应用中大规模图像语料库上的可扩展搜索

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2026-03-01 Epub Date: 2026-03-24 DOI: 10.1016/j.fsidi.2026.302057

Kamil Faber , Dominik Żurek , Kacper Bujak , Monika Selegrat , Kamil Piętak

{"title":"Needle in a case: Scalable search over large-scale image corpora in forensic applications","authors":"Kamil Faber , Dominik Żurek , Kacper Bujak , Monika Selegrat , Kamil Piętak","doi":"10.1016/j.fsidi.2026.302057","DOIUrl":"10.1016/j.fsidi.2026.302057","url":null,"abstract":"<div><div>The rapid growth of digital content has made images a key form of communication, which also extends into criminal contexts, where visual material often constitutes critical evidence. Forensic analysts face the challenge of locating relevant images within large, heterogeneous datasets, such as those extracted from mobile devices. Manual inspection of such data is time-consuming and inefficient. Although traditional automated classification methods offer partial support, they remain constrained by predefined class sets, limiting their applicability in the dynamic and unpredictable nature of real forensic investigations. Recent advances in artificial intelligence (AI) have introduced models capable of retrieving images using natural-language queries, enabling more universal and adaptive search capabilities. In this work, we conduct a comprehensive evaluation of two modern AI paradigms for large-scale forensic image retrieval: Vision–Language Models (VLMs), which generate searchable textual captions of images, and Contrastive Language–Image Pre-training (CLIP), which performs embedding-based text–image similarity search.</div><div>To the best of our knowledge, this is the first systematic comparison of these approaches in a forensic context. We evaluate 33 representative queries across three forensic use cases and nine heterogeneous datasets comprising over 80 000 images. Our results offer new insights into the trade-offs between caption-based and embedding-based retrieval methods and their applicability in practical digital forensic workflows.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"56 ","pages":"Article 302057"},"PeriodicalIF":2.2,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147554548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Addressing the dataset gap problem with Generative AI: Towards LLM-driven forensic scenarios for dataset generation 用生成式人工智能解决数据集缺口问题：面向数据集生成的法学硕士驱动的取证场景

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2026-03-01 Epub Date: 2026-03-24 DOI: 10.1016/j.fsidi.2026.302053

Michael Plankl , Thomas Göbel , Harald Baier

{"title":"Addressing the dataset gap problem with Generative AI: Towards LLM-driven forensic scenarios for dataset generation","authors":"Michael Plankl , Thomas Göbel , Harald Baier","doi":"10.1016/j.fsidi.2026.302053","DOIUrl":"10.1016/j.fsidi.2026.302053","url":null,"abstract":"<div><div>The increasing amount of incriminating data to be analysed on the one hand and the limited availability of forensic datasets on the other hand complicate forensic research as well as the development and validation of forensic tools. This challenge is often referred to as the <em>dataset gap problem</em>. A novel and promising approach to solve the dataset gap problem is the generation of synthetic, forensic scenarios through the application of Generative AI (GenAI) approaches like Large Language Models (LLMs). In this paper, we demonstrate how to use popular, general-purpose foundation models to generate various forensic artefacts. While emphasising the benefits of an LLM-driven dataset generation, we also address in detail inherent risks that can impair data synthesis using LLMs (e.g., hallucinations, limited explainability, stochastic model behaviour) and show how to compensate for these limitations (e.g., skilful use of prompt engineering and architectural patterns such as function calling and AI agents). In addition, we prove the practicability of our approach by enhancing a recent data synthesis framework with LLM capabilities and a user-friendly interface. Consequently, we are able to use GenAI to automatically generate configuration files for various forensically coherent scenarios and the resulting datasets. Our implementation thus demonstrates the potential of an automated, prompt-driven scenario generation process, thereby presenting a scalable solution to the shortage of forensic dataset availability.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"56 ","pages":"Article 302053"},"PeriodicalIF":2.2,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147554643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

REVEAL: A large-scale comprehensive image dataset for steganalysis REVEAL：用于隐写分析的大规模综合图像数据集

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2025-12-01 Epub Date: 2025-10-29 DOI: 10.1016/j.fsidi.2025.302006

Meike Kombrink , Stijn van Lierop , Dionne Stolwijk , Marcel Worring , Derk Vrijdag , Zeno Geradts

{"title":"REVEAL: A large-scale comprehensive image dataset for steganalysis","authors":"Meike Kombrink , Stijn van Lierop , Dionne Stolwijk , Marcel Worring , Derk Vrijdag , Zeno Geradts","doi":"10.1016/j.fsidi.2025.302006","DOIUrl":"10.1016/j.fsidi.2025.302006","url":null,"abstract":"<div><div>Detection methodologies for steganography are a topic of study both within academia and in law enforcement. For the development of detection methods and the validation of their use for law enforcement, a large-scale representative dataset is essential. Current datasets are lacking in terms of representing real-life steganography, as they only include low resolution images, are taken with only a few different cameras, and are validated with only a minimal number of steganography methods. A new large-scale comprehensive image steganography dataset is needed with many typical examples of steganography one could encounter in casework. To that end, we present the REVEAL dataset containing 100.006 images taken with more than 50 different cameras. The set contains a rich variety of images, the attributes of which have a wide distribution. There are for example over 200 different sizes, ranging from 256x256 to 7680x4320. All 100.006 images have then been subjected to many different chains of image preprocessing steps. After the preprocessing, a total of more than 50 different image steganography algorithms were used to hide information in the images. This results in three image sets namely: original, preprocessed, and stego, in total more than 300.000 images. This properly annotated dataset can help to achieve accurate detection using supervised machine-learning based methods. At the same time, this dataset can be used for both forensic evaluation and validation, thus improving the applicability of detection methods. The dataset with full annotations, algorithms, and results is made publicly available.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302006"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Drone forensics in law enforcement: Assessing utilisation, challenges, and emerging necessities 执法中的无人机取证：评估利用率，挑战和新兴需求

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2025-12-01 Epub Date: 2025-09-29 DOI: 10.1016/j.fsidi.2025.302003

Ranul Deelaka Thantilage , Gerry Buttner , Ray Genoe

{"title":"Drone forensics in law enforcement: Assessing utilisation, challenges, and emerging necessities","authors":"Ranul Deelaka Thantilage , Gerry Buttner , Ray Genoe","doi":"10.1016/j.fsidi.2025.302003","DOIUrl":"10.1016/j.fsidi.2025.302003","url":null,"abstract":"<div><div>The proliferation of drone technology has introduced new challenges and opportunities for law enforcement, necessitating the development of drone forensics as a specialised field within digital forensics. This survey paper explores the critical role of drone forensics in modern policing, focusing on its applications in investigating crimes involving unmanned aerial vehicles (UAVs) and addressing emerging security threats. This paper examines the tools, data extraction methods, and operational practices employed in drone forensic investigations, with particular attention to cases of unauthorised surveillance, smuggling, and cyber-attacks. Furthermore, this study discusses the technical, legal, and ethical challenges associated with drone forensics, including encryption, anti-forensic techniques, proprietary software, and privacy concerns. Through a synthesis of current practices, technological advancements, and relevant case studies, this survey provides insights into the effectiveness, limitations, and evolving needs of drone forensics. Recommendations are offered to enhance law enforcement capabilities, emphasising the importance of continuous training, standardised protocols, and collaboration across agencies. This survey paper aims to support policymakers, law enforcement agencies, and forensic practitioners in integrating drone forensics as a versatile and effective approach for safeguarding public safety and ensuring justice in an increasingly drone-integrated world.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302003"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220646","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Complex networks-based anomaly detection for financial transactions in anti-money laundering 反洗钱金融交易中基于复杂网络的异常检测

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2025-12-01 Epub Date: 2025-10-07 DOI: 10.1016/j.fsidi.2025.302005

Rodrigo Marcel Araujo Oliveira , Angelo Marcio Oliveira Sant’Anna , Paulo Henrique Ferreira

{"title":"Complex networks-based anomaly detection for financial transactions in anti-money laundering","authors":"Rodrigo Marcel Araujo Oliveira , Angelo Marcio Oliveira Sant’Anna , Paulo Henrique Ferreira","doi":"10.1016/j.fsidi.2025.302005","DOIUrl":"10.1016/j.fsidi.2025.302005","url":null,"abstract":"<div><div>Money laundering is a global threat that undermines the integrity of the financial system and the stability of the world economy. This paper proposes an approach based on complex network techniques to support investigating financial transactions of individuals suspected of money laundering. The study includes analyses for anomaly detection, community detection, density analysis, and cycle identification, aiming to capture complex patterns of interaction among accounts. Anomaly detection was based on a Graph Neural Networks model. The results highlight the model’s effectiveness, as indicated by the Silhouette score and Davies-Bouldin index metrics obtained on the test set, which were 0.83 and 1.59, respectively. This suggests that the groups of anomalous and normal accounts are well represented in terms of similarity and dissimilarity. The study also incorporates various financial indicators, such as moving averages over different time windows of transactions. The K-means algorithm was employed to identify patterns in financial transactions and determine the number of clusters. Correspondence Analysis was applied to establish similarities among the transactional profiles of the investigated individuals. The findings are relevant to the investigative process, providing analytical support for monitoring and prioritizing cases and identifying potential transactional patterns and groups of individuals possibly involved in illicit activities, such as drug trafficking, fraud, and scams.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302005"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145267233","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Uncovering digital traces of DeepSeek: Cross-platform mobile and network forensics 揭露深度搜索的数字痕迹：跨平台移动和网络取证

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2025-12-01 Epub Date: 2025-11-18 DOI: 10.1016/j.fsidi.2025.302028

Yufeng Gong , Sonali Tyagi , Vaishnavi Mahindra , Umit Karabiyik

{"title":"Uncovering digital traces of DeepSeek: Cross-platform mobile and network forensics","authors":"Yufeng Gong , Sonali Tyagi , Vaishnavi Mahindra , Umit Karabiyik","doi":"10.1016/j.fsidi.2025.302028","DOIUrl":"10.1016/j.fsidi.2025.302028","url":null,"abstract":"<div><div>As an application focusing on generative artificial intelligence, open-source LLM DeepSeek has been widely adopted by many research institutions and international companies around the world. More than 60 million active daily users have been reported on DeepSeek by QuestMobile. Given the rapid growth in the population of DeepSeek users and the fact that mobile devices gradually function as centers for users to interact with AI chatbots, it is essential to conduct thorough mobile forensics along with network forensics on the DeepSeek mobile app to discover potential evidence stored in both Android and iOS devices and provide valuable insight into its potential vulnerabilities. However, given the app’s recent introduction, there is currently a lack of systematic forensic research that investigates its potentially valuable artifacts, data persistence mechanisms, and network communication patterns across platforms. This research focused on user data and application usage, such as log files, metadata, and other critical traces, which revealed insights into its operational behavior in different versions of DeepSeek and the data sent over the network. Our analysis can help forensic researchers and investigators fully utilize the forensic value of DeepSeek on mobile devices to have a clear view of what can be recovered and obtained.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302028"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145578847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A comprehensive analysis and evaluation of SQLite deleted Record recovery techniques: A survey SQLite删除记录恢复技术的综合分析与评价：调查

IF 2.2 4区医学

Forensic Science International-Digital Investigation Pub Date : 2025-12-01 Epub Date: 2025-11-22 DOI: 10.1016/j.fsidi.2025.302031

Seonghyeon Lee , Sooyoung Park , Insoo Lee , Jongmoo Choi

{"title":"A comprehensive analysis and evaluation of SQLite deleted Record recovery techniques: A survey","authors":"Seonghyeon Lee , Sooyoung Park , Insoo Lee , Jongmoo Choi","doi":"10.1016/j.fsidi.2025.302031","DOIUrl":"10.1016/j.fsidi.2025.302031","url":null,"abstract":"<div><div>SQLite is a lightweight, file-based relational database that is widely deployed on mobile and IoT devices to store diverse data. Due to its widespread use, SQLite has become an important subject of interest in digital forensics. In particular, SQLite exhibits structural characteristics that allow deleted data to persist temporarily within database, specifically through internal components such as the freelist and Write-Ahead Log (WAL). As a result, deleted content often remains recoverable even after deletion requests, making SQLite a valuable source of forensic artifacts. These characteristics have motivated the development of various techniques and tools for recovering deleted records from SQLite. However, comparative evaluations of the strengths, limitations, and performance of each approach based on consistent criteria remain relatively scarce. To address this gap, this study systematically categorizes existing deleted record recovery techniques into three types, namely Metadata-based, Carving-based, and WAL-based, and compares their trade-offs. In addition, we select representative open-source SQLite recovery tools, such as Undark, SQLite Deleted Record Parser, Bring2Lite, and FQLite, and quantitatively measure their recovery performance, reliability, and throughput based on various deletion scenarios. We also present a detailed analysis of incorrect recoveries (false positives) caused by structural changes in the database. These findings can provide practical guidelines for selecting the most suitable SQLite recovery method depending on the context, and can contribute to the development of more effective recovery techniques and tools in the future.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302031"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145578846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0