Domain-Specific Optimization in Digital Forensics

  • Jeroen van den Bos
  • Tijs van der Storm
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7307)

Abstract

File carvers are forensic software tools used to recover data from storage devices in order to find evidence. Every legal case requires different trade-offs between precision and runtime performance. The resulting required changes to the software tools are performed manually and under the strictest deadlines.

In this paper we present a model-driven approach to file carver development that enables these trade-offs to be automated. By transforming high-level file format specifications into approximations that are more permissive, forensic investigators can trade precision for performance, without having to change source.

Our study shows that performance gains up to a factor of three can be achieved, at the expense of up to 8% in precision and 5% in recall.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jeroen van den Bos (1, 2)
  • Tijs van der Storm (1)

  1. Centrum Wiskunde & Informatica, Amsterdam, The Netherlands
  2. Netherlands Forensic Institute, Den Haag, The Netherlands
