Data carving using artificial headers

Document Type

Conference Proceeding

Publication Title

Proceedings of the 13th Annual Security Conference


Information Institute


School of Science / Security Research Institute




Daniel, R., Clarke, N. L., & Li, F. (2014). Data Carving using artificial headers. In proceedings of the Annual Information Institute Conference, May, 22-24, 2014. Available here


Digital forensic tools are an essential requirement in criminal and increasingly civil cases in order to process electronic evidence. Investigators rely upon the functionality of these tools to identify and extract relevant artifacts. One of these key processes is data carving – an approach that ignores the file system and analyses the drive for files that match a particular signature. Unfortunately, however, other than simple files, data carving has many limitations that result in either missing files or producing high numbers of false alarms. The core of their detection is largely based upon a signature appearing in the header of the file. However, for files that have corrupted or missing headers, modern data carvers are unable to recover the file successfully. This paper proposes a new approach to data carving that inserts an artificial header onto the file, thereby circumventing the header issue. Experiments have demonstrated that this approach is able to successfully recover files that no current data-carving tools are able to achieve.

Access Rights