De-Wipimization: Detection of data wiping traces for investigating NTFS file system
- Authors
- Oh, Dong Bin; Park, Kyung Ho; Kim, Huy Kang
- Issue Date
- December 2020
- Publisher
- ELSEVIER ADVANCED TECHNOLOGY
- Keywords
- Cybercrime; Anti-forensic; Data wiping; Machine learning
- Citation
- COMPUTERS & SECURITY, v.99
- Indexed
- SCIE; SCOPUS
- Journal Title
- COMPUTERS & SECURITY
- Volume
- 99
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/51311
- DOI
- 10.1016/j.cose.2020.102034
- ISSN
- 0167-4048
- Abstract
- Data wiping is used to securely delete unwanted files. However, the misuse of data wiping can destroy or spoil pieces of evidence in a digital forensic investigation. To cope with the misuse of data wiping, we proposed an anti-anti-forensic method based on NTFS transaction features and a machine learning algorithm. This method allows investigators to obtain information regarding 'which files are wiped' and 'which data wiping tools and data sanitization standards were used'. In this study, we achieved good identification of data wiping traces in the NTFS file system. Leveraging the efficiency of machine learning models, our method effectively recognizes wiped partitions and files in the NTFS file system and identifies tools used in data sanitization. © 2020 Elsevier Ltd. All rights reserved.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles