PAREX: A Novel exFAT Parser for File System Forensics

Gaurav Gogia, Parag Rughani

Abstract

File systems, being one of the core components of any computational device, contain the most important information, which makes them pivotal to any digital forensics investigation. However, file system parsing is a complex process. Existing file system forensic software is capable of processing large datasets, but often at the cost of either performance or resource utilisation. Slow evidence processing has a direct impact on investigation time, while higher resource requirements have a monetary impact. Digital forensics labs are often on a constrained budget in terms of both time and money, so they often need to define priorities on a case-by-case basis. Another major concern for forensic investigators is correctness. Tools that suffer from memory management issues may generate inconsistent reports or, worse yet, increase the overall attack surface for malware that may pollute an investigator's workstation. This research proposes a novel open-source exFAT file system parsing library. It has been validated against the current open-source state of the art, The Sleuth Kit (TSK), on a dataset of disk images ranging from 1MiB to 1TiB. Experimental results indicate that the proposed tool is 40 times faster and 17 times more memory efficient than TSK.
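To make the abstract's two concerns concrete, the correctness of a parser and its resistance to malformed input, the following is an added example of a defensive parser for the exFAT main boot sector. It is written for this page and is not code from PAREX or from The Sleuth Kit. Field offsets follow the public exFAT specification; every sanity check raises rather than trusting an on-disk value, so a crafted image cannot push a later read past the volume. The sample boot sector is constructed inline, and `cluster_to_byte_offset` is a hypothetical helper added to show how the validated fields are consumed.

```python
"""Defensive parser for the exFAT main boot sector (first 512 bytes of a volume).

Added example, not code from PAREX or TSK. Offsets follow the exFAT
specification; the sample sector at the bottom is constructed for this page.
"""
import struct

# Little-endian, no padding: 512 bytes in total.
_BOOT_SECTOR = struct.Struct("<3s8s53sQQIIIIIIHHBBBBB7s390sH")
_FIELDS = (
    "jump_boot", "file_system_name", "must_be_zero",
    "partition_offset", "volume_length",
    "fat_offset", "fat_length", "cluster_heap_offset", "cluster_count",
    "first_cluster_of_root_directory", "volume_serial_number",
    "file_system_revision", "volume_flags",
    "bytes_per_sector_shift", "sectors_per_cluster_shift", "number_of_fats",
    "drive_select", "percent_in_use", "reserved", "boot_code", "boot_signature",
)
assert _BOOT_SECTOR.size == 512


def parse_boot_sector(data: bytes) -> dict:
    """Unpack and validate a boot sector; raise ValueError on anything inconsistent."""
    if len(data) < _BOOT_SECTOR.size:
        raise ValueError("boot sector truncated: need 512 bytes")
    bs = dict(zip(_FIELDS, _BOOT_SECTOR.unpack_from(data)))

    # Fixed markers that every valid exFAT boot sector carries.
    if bs["file_system_name"] != b"EXFAT   ":
        raise ValueError("FileSystemName is not 'EXFAT   '")
    if any(bs["must_be_zero"]):
        raise ValueError("MustBeZero region is not all zero")
    if bs["boot_signature"] != 0xAA55:
        raise ValueError("BootSignature is not 0xAA55")

    # Geometry shifts are bounded by the spec (512..4096-byte sectors, <=32 MiB clusters).
    bps_shift = bs["bytes_per_sector_shift"]
    spc_shift = bs["sectors_per_cluster_shift"]
    if not 9 <= bps_shift <= 12:
        raise ValueError(f"BytesPerSectorShift {bps_shift} out of range 9..12")
    if spc_shift > 25 - bps_shift:
        raise ValueError(f"SectorsPerClusterShift {spc_shift} too large")
    if bs["number_of_fats"] not in (1, 2):
        raise ValueError("NumberOfFats must be 1 or 2")

    # Regions must be ordered and must fit inside the declared volume.
    fat_end = bs["fat_offset"] + bs["fat_length"] * bs["number_of_fats"]
    if bs["fat_offset"] < 24 or fat_end > bs["cluster_heap_offset"]:
        raise ValueError("FAT region overlaps boot region or cluster heap")
    sectors_per_cluster = 1 << spc_shift
    heap_end = bs["cluster_heap_offset"] + bs["cluster_count"] * sectors_per_cluster
    if heap_end > bs["volume_length"]:
        raise ValueError("cluster heap extends past VolumeLength")
    root = bs["first_cluster_of_root_directory"]
    if not 2 <= root <= bs["cluster_count"] + 1:
        raise ValueError(f"root directory cluster {root} outside cluster heap")

    # Derived values the rest of a parser works with.
    bs["bytes_per_sector"] = 1 << bps_shift
    bs["cluster_size"] = bs["bytes_per_sector"] * sectors_per_cluster
    del bs["boot_code"]  # opaque, not needed downstream
    return bs


def cluster_to_byte_offset(bs: dict, cluster: int) -> int:
    """Hypothetical helper: byte offset of a cluster, range-checked against the heap."""
    if not 2 <= cluster <= bs["cluster_count"] + 1:
        raise ValueError(f"cluster {cluster} outside cluster heap")
    heap_start = bs["cluster_heap_offset"] * bs["bytes_per_sector"]
    return heap_start + (cluster - 2) * bs["cluster_size"]


def _build_sample_sector() -> bytes:
    """Constructed 1 MiB volume: 512-byte sectors, 4 KiB clusters, one FAT, 248 clusters."""
    return _BOOT_SECTOR.pack(
        b"\xEB\x76\x90", b"EXFAT   ", bytes(53),
        0, 2048,                       # PartitionOffset, VolumeLength (sectors)
        24, 8, 64, 248, 4, 0x12345678,  # FAT at 24..31, heap at 64, root in cluster 4
        0x0100, 0,                     # FileSystemRevision 1.00, VolumeFlags
        9, 3, 1, 0x80, 0xFF, bytes(7), bytes(390), 0xAA55,
    )


SAMPLE_BOOT_SECTOR = _build_sample_sector()
# Same sector with the trailing signature zeroed: must be rejected, not parsed.
CORRUPT_BOOT_SECTOR = SAMPLE_BOOT_SECTOR[:510] + b"\x00\x00"

if __name__ == "__main__":
    info = parse_boot_sector(SAMPLE_BOOT_SECTOR)
    print(f"cluster size {info['cluster_size']} B, "
          f"root dir at byte offset {cluster_to_byte_offset(info, info['first_cluster_of_root_directory'])}")
```

The ordering and range checks are where a forensic parser earns its keep: the volume under analysis may have been written by a damaged or hostile device, so every offset derived from the boot sector is validated before it is used to seek into the image.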

Keywords

exFAT; Parsers; File system forensics; Digital forensics