Abstract
File carvers are forensic software tools used to recover data from storage devices in order to find evidence. Every legal case requires different trade-offs between precision and runtime performance. The resulting required changes to the software tools are performed manually and under the strictest deadlines.
In this paper we present a model-driven approach to file carver development that enables these trade-offs to be automated. By transforming high-level file format specifications into approximations that are more permissive, forensic investigators can trade precision for performance, without having to change source.
Our study shows that performance gains up to a factor of three can be achieved, at the expense of up to 8% in precision and 5% in recall.
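As an added illustration of the trade-off the abstract describes (this is not code from the paper or its tooling), the sketch below carves a constructed toy format twice: once with a strict specification and once with a more permissive approximation derived from it. The format layout, the constraint names and the choice to relax the specification by dropping the checksum constraint are assumptions made for this example.

```python
import struct
import zlib

MAGIC = b"TOY1"  # constructed toy format: magic | u16 length | payload | crc32(payload)

def check_length(buf, off):
    """Cheap structural constraint: header and declared payload fit in the image."""
    if off + 6 > len(buf):
        return False
    (n,) = struct.unpack_from(">H", buf, off + 4)
    return off + 6 + n + 4 <= len(buf)

def check_crc(buf, off):
    """Expensive content constraint: has to read the whole payload."""
    (n,) = struct.unpack_from(">H", buf, off + 4)
    payload = buf[off + 6 : off + 6 + n]
    (crc,) = struct.unpack_from(">I", buf, off + 6 + n)
    return zlib.crc32(payload) == crc

# The "specification": ordered constraints, each tagged with a cost class.
STRICT_SPEC = [("length", "cheap", check_length), ("crc", "expensive", check_crc)]

def approximate(spec):
    """Derive a more permissive spec by dropping expensive constraints (assumed relaxation)."""
    return [c for c in spec if c[1] != "expensive"]

def carve(buf, spec):
    """Return offsets where MAGIC occurs and every constraint in spec holds."""
    hits, off = [], buf.find(MAGIC)
    while off != -1:
        if all(check(buf, off) for _, _, check in spec):
            hits.append(off)
        off = buf.find(MAGIC, off + 1)
    return hits

def record(payload, corrupt=False):
    crc = zlib.crc32(payload) ^ (1 if corrupt else 0)
    return MAGIC + struct.pack(">H", len(payload)) + payload + struct.pack(">I", crc)

def precision(hits, truth):
    return len(set(hits) & set(truth)) / len(hits) if hits else 1.0

# Constructed sample image: one intact record, one damaged record, one truncated header.
GOOD, BAD = record(b"evidence"), record(b"overwritten", corrupt=True)
IMAGE = b"\x00" * 16 + GOOD + b"\xff" * 8 + BAD + b"\x00" * 4 + MAGIC + b"\x7f"
TRUTH = [16]
```

The relaxed specification never reads payload bytes, so it does less work per candidate, but it also reports the damaged record, which is where the precision loss comes from.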
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
van den Bos, J., van der Storm, T. (2012). Domain-Specific Optimization in Digital Forensics. In: Hu, Z., de Lara, J. (eds) Theory and Practice of Model Transformations. ICMT 2012. Lecture Notes in Computer Science, vol 7307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30476-7_8
DOI: https://doi.org/10.1007/978-3-642-30476-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30475-0
Online ISBN: 978-3-642-30476-7
eBook Packages: Computer Science (R0)