Accession Number:

ADA496275

Title:

Methods for Creating Realistic Disk Images for Forensics Tool Testing and Education

Descriptive Note:

Technical rept. 1 Nov 2008-30 Jan 2009

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Report Date:

2009-03-17

Pagination or Media Count:

35.0

Abstract:

Both testing of computer storage forensics tools, and education in conducting computer forensics require reference drive images with known characteristics. Without a known ground-truth it is not possible to fully verify the ability of a tool or a students analytical technique on whether they capture the important data residing on the drive. Due to privacy concerns existing corpa of drive images from real users cannot be used, so we must construct drive images that do not contain any privacy-related information. This paper discusses methods to generate drive images constructively and the concerns that must be taken into account to ensure they are realistic, reflecting not only the particular testing scenario desired, but also appropriate background noise. Further we discuss competing methods to accomplish this and propose a means of automating the entire process.

Subject Categories:

  • Operations Research
  • Cybernetics

Distribution Statement:

APPROVED FOR PUBLIC RELEASE