Air Force

Automated data carving suite for fast recovery and rendering of digital content

Finding, recovering, and reducing false positive output from files that may have been deleted, corrupted or that are embedded inside another file

Software & Information Technology

A digital forensics scientist working for the Air Force Research Laboratory’s Information Directorate has recently developed a modular software package for the salvaging of corrupted data files from most any digital device. The patented technology is available via patent license agreement to companies that would make, use, or sell it commercially.

Salvaging renderable content is the practice of searching for, recovering, and making renderable specific types of content from data sources without knowledge of the file system structures, network protocols, and in-memory data structures. Salvaging and rendering content is very challenging when the surrounding structures and context are unknown.

Digital forensics specialist Eoghan Casey developed a suite of automated data recovery and salvaging software modules for the Air Force that carve content from any digital data source in parallel, and simultaneously utilize searching algorithms specific to multiple content types. The software maintains parallel processes for reading data and for saving carved content in a virtual storage drive in the system’s memory.

Each module searches for specific types of digital content, commands the salvaging platform to save recovered content and performs quick checks based on expected data structures. The method includes providing a data source that has content to be recovered, caching, performing a hash skipping process, pattern matching, and validating. Validation eliminates incomplete, corrupt, and otherwise unrenderable output (false positives).

Recovery using this method can be performed on data from computers, mobile devices, live memory, and network traffic. The technique may be used in digital forensic activities such as document recovery, including in law enforcement investigations, administrative inquiries, forensic accounting matters, and intelligence data exploitation operations.

Do you have questions or need more information on a specific technology? Let's talk.

Contact Us