Domain-Specific Optimization in Digital Forensics

van den Bos, Jeroen; van der Storm, Tijs

doi:10.1007/978-3-642-30476-7_8

Domain-Specific Optimization in Digital Forensics

Jeroen van den Bos^18,19 &
Tijs van der Storm¹⁸

Conference paper

732 Accesses
5 Citations

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7307))

Abstract

File carvers are forensic software tools used to recover data from storage devices in order to find evidence. Every legal case requires different trade-offs between precision and runtime performance. The resulting required changes to the software tools are performed manually and under the strictest deadlines.

In this paper we present a model-driven approach to file carver development that enables these trade-offs to be automated. By transforming high-level file format specifications into approximations that are more permissive, forensic investigators can trade precision for performance, without having to change source.

Our study shows that performance gains up to a factor of three can be achieved, at the expense of up to 8% in precision and 5% in recall.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools, 2nd edn. Prentice Hall (2006)
Google Scholar
Allen, F., Cocke, J.: A Catalogue of Optimizing Transformations. In: Design and Optimization of Compilers, pp. 1–30. Prentice-Hall (1972)
Google Scholar
Aronson, L., van den Bos, J.: Towards an Engineering Approach to File Carver Construction. In: 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops (COMPSACW), pp. 368–373. IEEE (2011)
Google Scholar
Bézivin, J.: Model Driven Engineering: An Emerging Technical Space. In: Lämmel, R., Saraiva, J., Visser, J. (eds.) GTTSE 2005. LNCS, vol. 4143, pp. 36–64. Springer, Heidelberg (2006)
Chapter Google Scholar
van den Bos, J., van der Storm, T.: Bringing Domain-Specific Languages to Digital Forensics. In: Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pp. 671–680. ACM (2011)
Google Scholar
Bozga, M., Jaber, M., Sifakis, J.: Source-to-Source Architecture Transformation for Performance Optimization in BIP. IEEE Trans. Industrial Informatics 6(4), 708–718 (2010)
Article Google Scholar
Chung, E.Y., Benini, L., De Micheli, G.: Source Code Transformation based on Software Cost Analysis. In: Proceedings of the 14th International Symposium on Systems Synthesis (ISSS 2001), pp. 153–158. ACM (2001)
Google Scholar
Cohen, M.I.: Advanced Carving Techniques. Digital Investigation 4(3-4), 119–128 (2007)
Article Google Scholar
Czarnecki, K., Eisenecker, U.: Generative Programming: Methods, Tools, and Applications. Addison Wesley (2000)
Google Scholar
Garfinkel, S.L.: Carving Contiguous and Fragmented Files with Fast Object Validation. Digital Investigation 4(S1), 2–12 (2007)
Article Google Scholar
Garfinkel, S.L.: Digital Forensics Research: The Next 10 Years. Digital Investigation 7(S1), S64–S73 (2010)
Article Google Scholar
Grenier, C.: PhotoRec, http://www.cgsecurity.org/
Klint, P., van der Storm, T., Vinju, J.: Rascal: A Domain Specific Language for Source Code Analysis and Manipulation. In: Proceedings of the Ninth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2009), pp. 168–177. IEEE (2009)
Google Scholar
Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Comput. Surv. 37, 316–344 (2005)
Article Google Scholar
Mohri, M., Nederhof, M.J.: Regular approximation of context-free grammars through transformation. In: Robustness in Language and Speech Technology, ch. 9, pp. 251–261. Kluwer (2000)
Google Scholar
Pal, A., Memon, N.: The Evolution of File Carving. IEEE Signal Processing Magazine 26(2), 59–71 (2009)
Article Google Scholar
Richard III, G.G., Roussev, V.: Scalpel: A Frugal, High Performance File Carver. In: Proceedings of the Fifth Annual DFRWS Conference (2005)
Google Scholar
Schmidt, D.C.: Model-Driven Engineering. Computer 39, 25–31 (2006)
Article Google Scholar

Download references

Author information

Authors and Affiliations

Centrum Wiskunde & Informatica, Amsterdam, The Netherlands
Jeroen van den Bos & Tijs van der Storm
Netherlands Forensic Institute, Den Haag, The Netherlands
Jeroen van den Bos

Authors

Jeroen van den Bos
View author publications
You can also search for this author in PubMed Google Scholar
Tijs van der Storm
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

National Institute of Informatics, 2-1-2 Hitotsubashi, 101-8430, Chiyoda-ku, Tokyo, Japan
Zhenjiang Hu
Department of Computer Science, Universidad Autónoma de Madrid, Campus de Cantoblanco, 28049, Madrid, Spain
Juan de Lara

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

van den Bos, J., van der Storm, T. (2012). Domain-Specific Optimization in Digital Forensics. In: Hu, Z., de Lara, J. (eds) Theory and Practice of Model Transformations. ICMT 2012. Lecture Notes in Computer Science, vol 7307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30476-7_8

Download citation

DOI: https://doi.org/10.1007/978-3-642-30476-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30475-0
Online ISBN: 978-3-642-30476-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics