File Recovery Method in NTFS-Based Damaged RAID System

Jong Hyun Choi, Sangjin Lee

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)

    Abstract

    Due to the recent demand for mass storage devices, a redundant array of independent disks (RAID) is used in network-attached storage (NAS), direct-attached storage (DAS), servers, and workstations in addition to laptops and PCs. RAID makes multiple disks into volumes, and alternately stores stripe sizes on member disks. Due to these characteristics, RAID systems create several research issues in digital forensics. One of them, a damaged RAID system, is a case where the RAID configuration information is known, but some member disks are lost. The damaged RAID system has lost some member disks, so it stores a striped filesystem and files when reassembled into volumes. Striped file systems and files are distinctive forms in which data is fragmented within volumes so that meaningful data must be found in the fragmented data. This form is not supported by previous research or other digital forensics tools, and is unknown. In this paper, targeting the NTFS file system, which is the most used file system, we propose and verify a file recovery method from a damaged RAID system by combining RAID reconstruction, file system analysis, striped file system analysis, file carving, and striped file analysis.

    Original languageEnglish
    Article number40
    JournalHuman-centric Computing and Information Sciences
    Volume12
    DOIs
    Publication statusPublished - 2022

    Bibliographical note

    Publisher Copyright:
    © 2022, Human-centric Computing and Information Sciences. All Rights Reserved.

    Keywords

    • Damaged raid
    • File recovery
    • Striped file
    • Striped file system

    ASJC Scopus subject areas

    • General Computer Science

    Fingerprint

    Dive into the research topics of 'File Recovery Method in NTFS-Based Damaged RAID System'. Together they form a unique fingerprint.

    Cite this