Improved deleted file recovery technique for Ext2/3 filesystem

Digital devices are increasingly being used in various crimes, and therefore, it becomes important for law enforcement agencies to be able to investigate and analyze digital devices. Accordingly, there is an increasing demand for digital forensic technologies which can recover the data concealed or deleted by criminals that are of prime importance. There are various digital forensic tools available for Windows-based systems and relatively a few of those for Linux-based systems. Thus, this paper suggests a deleted file recovery technique for the Ext 2/3 filesystem, which is commonly used in Linux. The research involved the analysis of the Ext filesystem structure, file storage structure, and metadata information of file. The shortcomings of the existing methods and methods implemented by the proposed technique to address them are presented. Further, a comparison of the performance of the proposed technique and that of the existing methods is presented.