• Home

  • Documents

  • Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to...
12
Graphic File Carving Demonstration Rick Ayers, Jenise Reyes-Rodriquez

Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Embed Size (px)

Citation preview

Page 1: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Graphic File Carving Demonstration

Rick Ayers, Jenise Reyes-Rodriquez

Page 2: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Disclaimer Certain commercial entities, equipment, or materials

may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Page 3: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

CFTT at NIST CFTT – Computer Forensic Tool Testing Program provides

a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results.

Page 4: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Disk Imaging

String Searching

File Carving

Forensic Media Prep

Write Blockers

Deleted File

Recovery

Mobile Device

Forensics

Page 5: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Benefits of CFTT

Tool validation results issued by the CFTT project at NIST provide information necessary for:

Toolmakers to improve tools

Users to make informed choices about acquiring and using computer forensic tools

And for interested parties to understand the tools capabilities

Page 6: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

File Carving vs Deleted File Recovery

File Carving Reconstruct deleted

files from unallocated storage based on file content, absence of file system meta-data

Deleted File Recovery Reconstruct deleted

files from unallocated storage based on file system meta-data

6

Page 7: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Test Cases: 1 & 2

• No Padding - no fill

• Cluster Padded - basic

Zero fill to end of last sector

cluster sized blocks of text between pictures

7

Page 8: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Tools Demonstration

• Adroit v3.1d

• Recover My Files v5.2.1

• R-Studio v6.2

8

Page 9: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Test Cases: 3 & 4

cluster sized blocks of text fragmenting pictures in order

• Fragmented in order

• Incomplete

A A A B B B

cluster sized blocks of text between pictures

with missing fragments

B C A C A B

9

Page 10: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Test Cases: 5 & 6

cluster sized blocks of text fragmenting pictures in disorder

• Fragmented out of order

• Braided

A A A B B B C C

A1 A2 B1 B2

10

Page 11: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Test Cases: 7

• Byte Shifted

dd image starts here

11

Page 12: Graphic File Carving Demonstration - csrc.nist.gov be identified in this presentation in order to describe an experimental procedure or concept ... investigations of computer-related

Thank You

Rick Ayers [email protected]

Jenise Reyes-Rodriquez [email protected]

Dr. James Lyle (Project Lead)

[email protected]

www.cftt.nist.gov

mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
http://www.cftt.nist.gov

Bone carving

Bone carving

Education
WOOD CARVING KNIVES SPOON CARVING KNIVES TOOL SETS CHISELS BLADES ACCESSORIES · 2019. 9. 3. · | 7 WOOD CARVING KNIVES C7 – Small Detail Wood Carving Knife This Small Chip Carving

WOOD CARVING KNIVES SPOON CARVING KNIVES TOOL SETS CHISELS BLADES ACCESSORIES · 2019. 9. 3. · | 7 WOOD CARVING KNIVES C7 – Small Detail Wood Carving Knife This Small Chip Carving

Documents
Ice carving

Ice carving

Documents
Wood Carving Illustrated Index to Issue 82.pdf · Chip Carving - Understanding Chip Carving Desig 2017: 79 34: Chip Carving pattern and instructions 2015: 72 62: Chip carving, how

Wood Carving Illustrated Index to Issue 82.pdf · Chip Carving - Understanding Chip Carving Desig 2017: 79 34: Chip Carving pattern and instructions 2015: 72 62: Chip carving, how

Documents
Carving Preview

Carving Preview

Documents
Vegetable Carving

Vegetable Carving

Business
LOGGING DAYS Wood Carving Showcaseloggingdays.com/.../Wood-Carving-Showcase-2017-V5.pdf · LOGGING DAYS Wood Carving Showcase Wicked Willow Beds By Beau SILENT AUCTION CARVING AVAILABLE

LOGGING DAYS Wood Carving Showcaseloggingdays.com/.../Wood-Carving-Showcase-2017-V5.pdf · LOGGING DAYS Wood Carving Showcase Wicked Willow Beds By Beau SILENT AUCTION CARVING AVAILABLE

Documents
Integration under ACA: Carving-in or Carving-out ?

Integration under ACA: Carving-in or Carving-out ?

Documents
Carving Practicum

Carving Practicum

Documents
Sandalwood Carving Sagara - D'Sourcedsource.in/.../downloads/file/sandalwood-carving-sagara.pdf · 2018. 6. 14. · Wood carving art is carried from their ancestors. ... carving methods

Sandalwood Carving Sagara - D'Sourcedsource.in/.../downloads/file/sandalwood-carving-sagara.pdf · 2018. 6. 14. · Wood carving art is carried from their ancestors. ... carving methods

Documents
Coloring Outside the Lines at NDIA - csrc.nist.gov

Coloring Outside the Lines at NDIA - csrc.nist.gov

Documents
The Future of Cyber Security - csrc.nist.gov

The Future of Cyber Security - csrc.nist.gov

Documents
Your First Relief Wood Carving - Classic Carving Patterns

Your First Relief Wood Carving - Classic Carving Patterns

Documents
Wood carving

Wood carving

Art & Photos
Encrypted Search - csrc.nist.gov

Encrypted Search - csrc.nist.gov

Documents
Carving Collection

Carving Collection

Documents
Code Signing Paper - csrc.nist.gov · PDF fileNIST Cybersecurity White Paper csrc.nist.gov ... An effective and common method of protecting software is to apply a digital ... which

Code Signing Paper - csrc.nist.gov · PDF fileNIST Cybersecurity White Paper csrc.nist.gov ... An effective and common method of protecting software is to apply a digital ... which

Documents
Carving Manual

Carving Manual

Documents
Classic carving

Classic carving

Engineering
WOODCARVING COURSES - · PDF fileWoodcarving Courses. covers wood carving tools, carving design and motifs, carving drawing and souvenir carving. The third module aims to impart

WOODCARVING COURSES - · PDF fileWoodcarving Courses. covers wood carving tools, carving design and motifs, carving drawing and souvenir carving. The third module aims to impart

Documents
Carving Netsuke

Carving Netsuke

Documents
Stone Carving

Stone Carving

Documents
Carving Nature

Carving Nature

Documents
Carving Portfolio2010

Carving Portfolio2010

Documents
CARVING FAFARAGÁS

CARVING FAFARAGÁS

Entertainment & Humor
24 carving

24 carving

Education
Carving and Turning - capecodturners.org · Chip Carving. Chip Carving. Chip Carving. Low Relief Uses basic carving tools Shallow depth 1/16” –1/8 ... Carving and Turning Author:

Carving and Turning - capecodturners.org · Chip Carving. Chip Carving. Chip Carving. Low Relief Uses basic carving tools Shallow depth 1/16” –1/8 ... Carving and Turning Author:

Documents
Carving Wood

Carving Wood

Documents
Router Carving Duplicator and Carving Techniques

Router Carving Duplicator and Carving Techniques

Documents
Chip Carving

Chip Carving

Documents