Publikation
From Trash to Treasure: Enriching evidence with AI based carving in Digital Forensics
Tobias Fischer; Matthias Müller; Tobias Wirth; Andrey Guzhov; Lucas Howes; Dominik Ospelt
In: European Academy of Forensic Science Conference 2025. European Academy of Forensic Science Conference (EAFS-2025), located at EAFS-2025, May 26-30, Dublin, Ireland, Forensic Science Ireland, 2025.
Zusammenfassung
Identifying evidence in cybersecurity and digital crime investigations is a crucial task in Digital Forensics. In many cases, relevant data might be inaccessible due to hidden, deleted or overwritten files, requiring the application of advanced algorithms to recover the information. File carving is one such technique, which reconstructs lost files based on their internal structure without relying on file system metadata. Recently, Artificial Intelligence (AI) has emerged as a promising method to significantly increase the performance and quality of data recovery methods. In this work, we introduce an AI-driven method to improve the file carving process, particularly for reconstructing fragmented files that classical carving techniques fail to recover. Our approach focuses on image file formats, establishing a pipeline from reading byte-level data to decoding images. First, we identify the file type for each sector in the non-allocated space. Next, we cluster related fragments for each file type to form groups corresponding to individual files. Finally, the fragments within each group are ordered and decoded to recover a complete image file.
This poster presents our state-of-the-art AI based algorithm for file carving and data recovery, detailing its technical aspects and results from recovery studies using real-world cases. We compare the performance of our method with classical carving techniques, highlighting the significant advantages it offers for law enforcement agencies in terms of recovery accuracy and efficiency.