Search and CompAre Reverse (SCAR): A Bioinformatics–Inspired Methodology for Detecting File Remnants in Digital Forensics

Authors

  • George Grispos, University of Nebraska at Omaha
  • William Mahoney, University of Nebraska at Omaha
  • Sayonnha Mandal, University of Nebraska at Omaha

DOI:

https://doi.org/10.34190/iccws.18.1.1031

Keywords:

digital forensics, digital investigations, filesystems

Abstract

A storage device may contain data that an individual is legally or morally not allowed to possess. Alternatively, a disgruntled company employee may intentionally destroy corporate files, assuming that once deleted the information is lost forever. The data could take the form of a database owned by a competitor, illegal images or videos, trade secrets, or confidential business information. Fragments of the data may very well still be present on the disk drive, for example, and forensic tools may be capable of recovering some of the confidential information. This paper introduces Search and CompAre Reverse (SCAR), inspired by tools used in the bioinformatics community. The contribution is an initial empirical investigation into the use of this bioinformatics-inspired approach to deduce the partial existence of patterns in cases where traditional digital forensics tools cannot detect the type of the file because the file signature portion of the file has been overwritten.

Published

2023-02-28