Date of Award
Summer 8-2016
Degree Type
Thesis-Restricted
Degree Name
M.S.
Degree Program
Computer Science
Department
Computer Science
Major Professor
Richard, Golden III
Second Advisor
Roussev, Vassil
Third Advisor
Ahmed, Irfan
Abstract
Using a forensic imager to produce a copy of the storage is a common practice. Due to the large volumes of the modern disks, the imaging may impose severe time overhead which ultimately delays the investigation process. We proposed automated disk analysis techniques that precisely identify regions on the disk that contain data. We also developed a high performance imager that produces AFFv3 images at rates exceeding 300MB/s. Using multiple disk analysis strategies we can analyze a disk within a few minutes and yet reduce the imaging time of by many hours. Partial AFFv3 images produced by our imager can be analyzed by existing digital forensics tools, which makes our approach to be easily incorporated into the workflow of practicing forensics investigators. The proposed approach renders feasible in the forensic environments where the time is critical constraint, as it provides significant performance boost, which facilitates faster investigation turnaround times and reduces case backlogs.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Recommended Citation
gorbov, sergey, "Practical Application of Fast Disk Analysis for Selective Data Acquisition" (2016). University of New Orleans Theses and Dissertations. 2230.
https://scholarworks.uno.edu/td/2230
Rights
The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.