Domain-Specific Optimization in Digital Forensics
- Cite this paper as:
- van den Bos J., van der Storm T. (2012) Domain-Specific Optimization in Digital Forensics. In: Hu Z., de Lara J. (eds) Theory and Practice of Model Transformations. ICMT 2012. Lecture Notes in Computer Science, vol 7307. Springer, Berlin, Heidelberg
File carvers are forensic software tools used to recover data from storage devices in order to find evidence. Every legal case requires different trade-offs between precision and runtime performance. The resulting required changes to the software tools are performed manually and under the strictest deadlines.
In this paper we present a model-driven approach to file carver development that enables these trade-offs to be automated. By transforming high-level file format specifications into approximations that are more permissive, forensic investigators can trade precision for performance, without having to change source.
Our study shows that performance gains up to a factor of three can be achieved, at the expense of up to 8% in precision and 5% in recall.
Unable to display preview. Download preview PDF.