Author: Makoma Toona, Senior Consultant for IT Forensic, Control Risks.
Digital forensics is the process of extracting data that can be used as potential evidence against its digital exploitation from an electronic system/network. It entails applying tools, software, and other resources for identifying and extracting information from digital media. File carving is one of the most prominent techniques for acquiring data from a compromised device. It helps in extracting hidden, deleted, corrupted, or overwritten files from the storage device. This paper presents a comprehensive study of file carving. The concepts of file structure and file carving steps and techniques are incorporated into various sections and discussed. The prime focus of this paper is to review the different techniques involved in file carving whose implementation is classified based on multiple factors such as type of file, its fragmentation state, the difficulty of file recovery, etc. At the same time, the limitations of these techniques are discussed in brief