Study on Recovery Techniques for the Deleted or Damaged Event Log(EVTX) Files
 Title & Authors
Shin, Yonghak; Cheon, Junyoung; Kim, Jongsung
 Abstract
As the number of people using digital devices has increased, digital forensics, which aims at finding clues to crimes in digital data, has developed and become more important, especially in court. Together with the development of digital forensics, anti-forensics, which aims at thwarting digital forensics, has also developed. As an example, with anti-forensic technology a criminal could delete digital evidence, without which the investigator would find it hard to find any clue to the crime. In such a case, recovery techniques for deleted or damaged information are very important in the field of digital forensics. Until now, although EVTX (event log)-based recovery techniques for deleted files have been presented, there has been no study on retrieving the event log data itself. In this paper, we propose recovery algorithms for deleted or damaged event log files and show through experiments that our recovery algorithms have a high success rate.
 Keywords
Digital Forensic; EVTX (Event Log); Carving; Chunk; Event Record; Recovery Techniques
 Language
Korean