Abstract
Digital forensic tooling should be based on reference data. Such reference data can be gathered by measuring a baseline, e.g. from volunteers. However, the privacy provisions in digital forensics tools are typically tailored for criminal investigations. This is not sufficient to ensure privacy obligations towards volunteer participants. Thus, privacy adaptations are necessary before such tooling can be used to establish or rejuvenate a baseline.(p)(/p)We illustrate the feasibility of this approach by rejuvenating a baseline for file carving, via a case study of file fragmentation. We derive a set of privacy requirements to prevent deanonymisation of individuals. Atypical properties of files can nevertheless still lead to plausible deanonymisation of the file. With regards to fragmentation, we find out-of-order fragmentation, where a later block is stored on disk before an earlier block of the same file, occurs in nearly half of all fragmented files. This is the first study to report on prevalence of this type of fragmentation. Its high rate of occurrence has implications for the practice of file carving.
Original language | English |
---|---|
Title of host publication | 2019 IEEE International Workshop on Information Forensics and Security (WIFS) |
Subtitle of host publication | Proceedings |
Place of Publication | Delft |
Publisher | IEEE |
Pages | 1-6 |
Number of pages | 6 |
ISBN (Electronic) | 9781728132174 |
ISBN (Print) | 9781728132181 |
DOIs | |
Publication status | Published - Dec 2019 |
Event | 2019 IEEE International Workshop on Information Forensics and Security - Mekelzalen (the Science Centre Delft), Delft, Netherlands Duration: 9 Dec 2019 → 12 Dec 2019 https://wifs2019.tudelft.nl/ |
Workshop
Workshop | 2019 IEEE International Workshop on Information Forensics and Security |
---|---|
Abbreviated title | WIFS 2019 |
Country/Territory | Netherlands |
City | Delft |
Period | 9/12/19 → 12/12/19 |
Internet address |