The Drives Project: From Disk Forensics to Media Exploitation

Simson Garfinkel

A hard drive is a window into the past and a door into the mind. Using forensic techniques the data on a hard drive can reveal who broke into a computer system, what was done, and the perpetrators. Hard drives have proved so useful that they are now routinely seized or imaged in DoD, intelligence, law enforcement, and even civil actions.

But analyzing the information a hard drive today takes the time of a skilled analyst; today's tools lack significant automation and intelligence, and frequently crash. As a result there is a large backlog of hard drives waiting to be analyzed; important information is easily missed or not analyzed for months after it is acquired.

This talk discusses the work to date of the Drives Project, a 9-year (and counting) effort that is creating a large-scale collection of real disk drive images, open source tools, and new techniques for automatically processing data recovered from disk drives and other kinds of storage devices. Today the Drives Project has assembled a corpus of more than 1000 forensically interesting images from hard drives and USB storage devices that were collected all over the world. We have created open source formats, tools and algorithms for automatically analyzing this data in bulk and rapidly producing answers to questions that are relevant to the Defense, Intelligence and Law Enforcement communities. The Project is now in the process of dramatically expanding the global reach of data being acquired and exploring new research opportunities for using this data.


Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California, and a fellow at the Center for Research on Computation and Society at Harvard University.

Dr. Garfinkel has research interests in computer forensics, the emerging field of usability and security, and privacy. Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies in more than a dozen languages since the first edition was published in 1991.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Garfinkel's CV is located on the Internet at

2 Nov (Friday) at 1630 hrs

Gates 4B (opposite 490)