The objective of this project is to develop a file system forensics tool capable of detecting deleted, hidden, and suspicious files. The system assists forensic investigators in recovering potential evidence from storage media without altering original data.
Study file system structures such as FAT, NTFS, or EXT and how files are stored and deleted.
Research common file hiding and deletion techniques used to conceal digital evidence.
Design a software tool that scans storage directories to identify hidden and deleted file entries.
Implement read-only file access to ensure forensic soundness during analysis.
Develop logic to detect file anomalies such as mismatched extensions or altered timestamps.
Implement file metadata extraction including size, creation date, modification date, and permissions.
Provide functionality to preview recoverable files without modifying original storage.
Generate detailed forensic reports summarizing detected deleted or hidden files.
Test the tool using simulated storage environments with intentionally deleted files.
Document findings, limitations, and possible future enhancements of the tool.
