An Automatic Carving Method for RAR File Based on Content and Structure

3 Author(s)
Yingjie Wei ; Comput. & Software Inst., Hangzhou Dianzi Univ., Hangzhou, China ; Ning Zheng ; Ming Xu

File carving is a digital forensic technique that aims to reconstitute a file from unstructured data sources with no knowledge of the file system. This paper presents an automatic carving method for RAR files. RAR is one of the most popular archive formats and is widely used on digital devices to package data for transport or storage, so obtaining the information in RAR files is important for forensic investigation. We apply a mapping function to locate the header and footer of an archived file, use the distance between the header and footer of an archived file to determine whether the archived file is fragmented, and apply enumeration to reassemble a bi-fragmented archived file. Finally, we validate the integrity of the archived file and the RAR file, repairing RAR files that are missing a header or footer. Experiments on artificial and real-world data show that our method can automatically carve continuous and fragmented RAR files. Moreover, comparative experiments demonstrate that this method is better than others in accuracy and effectiveness.
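The header-to-footer distance test from the abstract, as an added example that is not the authors' code. It assumes the RAR 4.x block layout (2-byte HEAD_CRC, block type 0x74 for a file header and 0x7B for end-of-archive, PACK_SIZE at header offset 7) and treats the next CRC-valid block header as the archived file's footer. The function names are hypothetical and the sample images are constructed.

```python
import struct, zlib

FILE_HEAD, END_ARC = 0x74, 0x7B  # RAR 4.x block types (format assumption)

def block_at(buf, off):
    """Return (type, head_size, pack_size) if a CRC-valid block header starts at off."""
    if off + 7 > len(buf):
        return None
    crc, typ, _flags, size = struct.unpack_from("<HBHH", buf, off)
    if typ not in (FILE_HEAD, END_ARC) or off + size > len(buf):
        return None
    if size < (32 if typ == FILE_HEAD else 7):
        return None
    # HEAD_CRC is the low 16 bits of CRC32 over the header minus the CRC field.
    if crc != zlib.crc32(buf[off + 2:off + size]) & 0xFFFF:
        return None
    pack = struct.unpack_from("<I", buf, off + 7)[0] if typ == FILE_HEAD else 0
    return typ, size, pack

def classify(buf):
    """Per archived file: (header offset, verdict, surplus bytes before the footer)."""
    blocks = [(o, b) for o in range(len(buf)) if (b := block_at(buf, o))]
    report = []
    for i, (off, (typ, size, pack)) in enumerate(blocks):
        if typ != FILE_HEAD:
            continue
        expected = off + size + pack          # where the next block should start
        if i + 1 == len(blocks):
            report.append((off, "no footer", None))
        elif blocks[i + 1][0] == expected:
            report.append((off, "contiguous", 0))
        else:                                  # distance mismatch: file is fragmented
            report.append((off, "fragmented", blocks[i + 1][0] - expected))
    return report

def _file_block(name, data):                   # constructed, stored (method 0x30) entry
    body = struct.pack("<BHHIIBIIBBHI", FILE_HEAD, 0x8000, 32 + len(name), len(data),
                       len(data), 0, zlib.crc32(data), 0x3CF8A5A5, 20, 0x30,
                       len(name), 0x20) + name
    return struct.pack("<H", zlib.crc32(body) & 0xFFFF) + body + data

def sample_image(fragmented):
    """Constructed image: two archived files plus an end-of-archive block."""
    a, b = _file_block(b"a.bin", b"A" * 100), _file_block(b"b.bin", b"B" * 100)
    end = struct.pack("<BHH", END_ARC, 0x4000, 7)
    end = struct.pack("<H", zlib.crc32(end) & 0xFFFF) + end
    if fragmented:                             # 64 foreign bytes split file a's data
        a = a[:80] + b"\x00" * 64 + a[80:]
    return a + b + end
```

A positive surplus is the number of foreign bytes sitting between the two fragments, which bounds the search when enumerating candidate split points for a bi-fragmented file.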

Published in:

Information Technology and Computer Science (ITCS), 2010 Second International Conference on

Date of Conference:

24-25 July 2010