What is essential data in digital forensic analysis?

Journal article

Publication details

Authors: Freiling F, Schuhr J, Gruhn M
Journal: it - Information Technology
Publisher: Gesellschaft für Informatik
Year of publication: 2015
Volume: 57
Issue number: 6
Page range: 376-383
ISBN: 9781479999033
ISSN: 1611-2776
eISSN: 2196-7032


In his seminal work on file system forensic analysis, Carrier defined the notion of essential data as 'those that are needed to save and retrieve files.' He argues that essential data is therefore more trustworthy since it has to be correct in order for the user to use the file system. In many practical settings, however, it is unclear whether a specific piece of data is essential because either file system specifications are ambiguous or the importance of a specific data field depends on the operating system that processes the file system data. We therefore revisit Carrier's definition and show that there are two types of essential data: strong and weak. While strongly essential corresponds to Carrier's definition, weakly essential refers to application specific interpretations. We empirically show the amount of strongly and weakly essential data in DOS/MBR and GPT partition systems, thereby complementing and extending Carrier's findings.

FAU authors / FAU editors

Freiling, Felix Prof. Dr.-Ing.
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Gruhn, Michael
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Schuhr, Jan PD Dr.
Lehrstuhl für Strafrecht, Strafprozessrecht und Rechtsphilosophie


Freiling, F., Schuhr, J., & Gruhn, M. (2015). What is essential data in digital forensic analysis? it - Information Technology, 57(6), 376-383. https://dx.doi.org/10.1515/itit-2015-0016

Freiling, Felix, Jan Schuhr, and Michael Gruhn. "What is essential data in digital forensic analysis?" it - Information Technology 57.6 (2015): 376-383.


Last updated 2019-28-07 at 07:14