Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Comments on the Linux FAT32 allocator and file creation order reconstruction [Digit Investig 11( 4), 224-233]
- Authors
- Lee, Wan Yeon; Kwon, Hyuckmin; Lee, Heejo
- Issue Date
- 12월-2015
- Publisher
- ELSEVIER SCI LTD
- Keywords
- Linux file system; FAT32; Recovered file; Creation time
- Citation
- DIGITAL INVESTIGATION, v.15, pp.119 - 123
- Indexed
- SCIE
SCOPUS
- Journal Title
- DIGITAL INVESTIGATION
- Volume
- 15
- Start Page
- 119
- End Page
- 123
- ISSN
- 1742-2876
- Abstract
- Minnaard proposed a novel method that constructs a creation time bound of files recovered without time information. The method exploits a relationship between the creation order of files and their locations on a storage device managed with the Linux FAT32 file system. This creation order reconstruction method is valid only in non-wraparound situations, where the file creation time in a former position is earlier than that in a latter position. In this article, we show that if the Linux FAT32 file allocator traverses the storage space more than once, the creation time of a recovered file is possibly earlier than that of a former file and possibly later than that of a latter file on the Linux FAT32 file system. Also it is analytically verified that there are at most n candidates for the creation time bound of each recovered file where n is the number of traversals by the file allocator. Our analysis is evaluated by examining file allocation patterns of two commercial in-car dashboard cameras. (C) 2015 Elsevier Ltd. All rights reserved.
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.