The proposed method relies on identifying the structure of the RAR file rather than relying on file system metadata.

Advanced Digital Forensic Methodologies for the Reconstruction of Corrupted RAR Files

The automatic carving of RAR files is essential for forensic investigation. The presented approach provides a reliable tool for reconstructing fragmented or partially overwritten RAR archives, directly contributing to the integrity of digital evidence.

The distance between the detected header and footer is used to determine if the file is continuous or fragmented.

RAR is a popular proprietary lossless compression archive format (WinRAR).