Resident data pattern analysis using sector clustering for storage drive forensics

Abstract

Storage drives are huge reservoirs of digital evidence. The acquisition and examination of storage drives for evidentiary artifacts require enormous amounts of manual effort and computing resources, leading to huge case backlogs. This chapter describes a forensic triage methodology that leverages random sampling and unsupervised clustering to provide insights about the regions of interest on a storage drive. The number of sector samples to be evaluated during triage for legitimate inferences to be drawn about drive content is also discussed. Experiments involving storage drives of various capacities illustrate the effectiveness and utility of the extracted patterns for rapid drive triage.

Cite

Bharadwaj, N., Singh, U., & Gupta, G. (2020). Resident data pattern analysis using sector clustering for storage drive forensics. In IFIP Advances in Information and Communication Technology (Vol. 589 IFIP, pp. 137–157). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-56223-6_8
