Advanced File Carving Approaches for Multimedia Files

 

Rainer Poisel⁺, Simon Tjoa, and Paul Tavolato

 

Insitute of IT Security Research

St. Poelten University of Applied Sciences

St. Poelten, Austria
{rainer.poisel,simon.tjoa,paul.tavolato}@fhstp.ac.at

 

 

Abstract

 

File carving is a recovery technique that recovers files based on information about their structure and

content without matching file system information. As files can be recovered from their content and/or

file structure this technique is indispensable during digital forensics investigations. So far many approaches

for the recovery of digital images have been proposed. The main contribution of this paper

is a discussion of existing and new approaches for the recovery of multimedia files. After a short

discussion of relevant multimedia file formats we present an overview of the current state-of-the-art

in file carving. In the main part we focus on the implementation of a file carver for fragmented multimedia

files. Finally, we summarize our findings and give an outlook with regard to post-processing

files that have been recovered successfully.

 

Keywords: Forensics, multimedia, carving, recovery, fragmented.

 

+Corresponding author: Rainer Poisel
Fachhochschule St. Polten GmbH, Matthias Corvinus-Stra��e 15, A-3100 St. Polten, Vienna,

Austria, Tel: +432742313228-637, Email: rainer.poisel@fhstp.ac.at

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 2, No. 4, pp. 42-58, December 2011 [pdf]