Honors Theses
Date of Award
7-2024
Document Type
Undergraduate Thesis
Degree Name
BS
Department
Information Systems and Technology
Faculty Mentor
Michael Black
Advisor(s)
Todd McDonald, Jeff Holifield
Abstract
As society increasingly relies on technology, the rates of cyber crime have been increasing at exponential rates. Cyber criminals are also discovering new ways to hide evidence of their crimes. This study develops a forensic analysis algorithm to evaluate the amount of file slack on an image of a drive. Slack space, leftover drive space on a disk sector after a file has been written, can be exploited to hide data. The algorithm aims to detect and calculate this slack space to help direct forensic investigations. The algorithm was evaluated on a population dataset of 100,000 files with random data and random sizes from 1 to 4096 bytes. The initial ten experiments returned a 100% success rate, identifying all filenames and slack space accurately. To ensure reliability of the algorithm and to test against false-positives, two additional experiments were conducted with intentionally altered control data. In these experiments, the algorithm was able to accurately detect discrepancies. Future work can be done to enhance the algorithm for specific use cases, like reproducing data in slack space or navigating fragmented files. The algorithm’s success rates indicate that it can be useful in forensic investigations.
Recommended Citation
Flynn, Nicholas, "Development of an Algorithm to Identify and Calculate the Amount of File Slack on an Image of a Given Drive" (2024). Honors Theses. 91.
https://jagworks.southalabama.edu/honors_college_theses/91
Included in
Cybersecurity Commons, Other Computer Sciences Commons, Programming Languages and Compilers Commons, Systems Architecture Commons, Theory and Algorithms Commons
Comments
© 2024 Nicolas Flynn ALL RIGHTS RESERVED