The Toolkit for Selective Analysis & Reconstruction of Files (FileTSAR) captures data flows and provides a mechanism to selectively reconstruct multiple data types, including documents (e.g., doc, docx, pdf), images (e.g., jpg, png, gif) email (based on SMTP, IMAP, IMP), and VoIP sessions for large-scale computer networks. We aimed to create a tool that addressed the challenges faced by digital forensic examiners when investigating cases involving large-scale computer networks. FileTSAR also uses hashing for each carved file to maintain the forensic integrity of probative data.
This project was funded by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice (#2016-MU-MU-K091). Any statements on this website are those of the authors and do not necessarily reflect the views of the U.S. Department of Justice.
Research team:
Kathryn Seigfried-Spellar, John Springer, Justin Yang, and Marcus Rogers
Purdue University
Raymond Hansen
Wentworth Institute of Technology
Graudate Research Assistants:
Seunghee Lee, Siddharth Chowdhury, Niveah Abraham, Nicolas Vukadinovic, Xiang Liu, Kelsey Billups
Purdue University