Golden Eye: An OS-Independent Algorithm for Recovering Files From Hard-Disk Raw Images
Authors: Fan Zhang, Wei Chen, Yongqiong Zhu
Journal: International Journal of Digital Crime and Forensics (Journal Article; JCR Q4, Computer Science, Interdisciplinary Applications; impact factor 0.6)
Published: 2022-11-30
DOI: 10.4018/ijdcf.315793 (https://doi.org/10.4018/ijdcf.315793)
File systems are important sources of intelligence information and digital evidence, and recovering files that have been deleted from a hard disk has long attracted the interest of researchers. Existing file recovery studies rely heavily on an operating system (OS). However, OS services are often unavailable, which makes existing file recovery approaches unusable. To address this issue, the authors design and implement an OS-independent file recovery algorithm named Golden Eye (GE) that targets the EXT4 file system. Given the raw image obtained from a (sanitized) hard disk, GE can automatically recover any designated file or even the whole EXT4 file system. GE is based on an understanding of the on-disk file layout of EXT4 and does not need any support from additional hardware or software. Experimental results prove the feasibility and correctness of GE. This work not only solves the OS dependency problem that most existing file recovery work suffers from but also reveals that even sanitized hard disks are still at risk of leaking sensitive data.