* The name and version of existing carving programs that were used. PhotoRec 6.7 has been used. http://www.cgsecurity.org/wiki/PhotoRec * A description of algorithms you developed for the challenge. Data carving is the process of extracting a collection of data from a larger data set. Data carving techniques frequently occur during a digital investigation when the unallocated file system space is analyzed to extract files. The files are "carved" from the unallocated space using file type-specific header and footer values. File system structures are not used during the process. This is exactly how PhotoRec works. Unfortunatly no new algorithm have been developped since last year challenge. PhotoRec handles some simple cases of data fragmentation (JPG1a JPG2 JPG1b). * Working source code of tools you developed for the challenge or pseudo code and a working executable (the executable will not be published with the submission on the website). http://www.cgsecurity.org/testdisk-6.7.tar.bz2 * How the number of false positives was reduced. Text or mailbox files are the major source of false positives. * Compilation ncurses and jpeg librairies are required, use "./configure && make" for the compilation itself. * How PhotoRec has been tested ? rm -rf recup_dir.* photorec.log photorec.ses photorec /debug /log /d recup_dir /cmd dfrws-2007-challenge.img partition_none,options,keep_corrupted_file,search * How files_bad.csv and files_good.csv have been produced ? perl dfrws-2007.pl > tmp echo "MD5;Sectors;File Size;File Type" > files_bad.csv grep "^b;" tmp|cut -d';' -f2- >> files_bad.csv echo "MD5;Sectors;File Size;File Type" > files_good.csv grep "^f;" tmp|cut -d';' -f2- >> files_good.csv rm -f tmp Christophe Grenier http://www.cgsecurity.org