KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Selective Recovery of the SSD TRIM Command in Digital Forensics

디지털 포렌식 관점에서 SSD TRIM 명령의 선별적 복구

  • Received : 2015.07.22
  • Accepted : 2015.08.31
  • Published : 2015.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, market trends of auxiliary storage device HDD and SSD are interchangeable. In the future, the SSD is expected to be used more popular than HDD as an auxiliary storage device. The TRIM command technique has been proposed and used effectively due to the development of the SSD. The TRIM command techniques can be used to solve the problem of Freezing SSD that operating system cooperates with the SSD. The TRIM command techniques are performed in the idle time of the internal SSD that are actually deleted when a user deletes the data. However, in the point of view of computer forensics, the digital crime is increasing year by year due to lack of data recovery. Thus, this rate of arrest is insufficient. In this paper, I propose a solution that selectively manages data to delete based on advantage of the stability and the write speed of the TRIM command. Through experiments, It is verified by measuring the performance of the traditional method and selected method.

최근 보조기억장치 스토리지 시장 추세는 HDD와 SSD가 혼용되어 사용되고 있다. 미래에는 HDD보다 SSD가 보조기억장치 역할로 더욱 많이 사용될 것으로 예상되고 있다. SSD 기술이 발달하면서 이를 효율적으로 사용하기 위해 TRIM 명령기법이 나오게 되었다. TRIM 명령기법은 과거 SSD의 문제점인 Freezing 현상을 해결하기 위해 나온 명령으로 운영체제와 SSD가 협동하여 작동한다. TRIM 명령기법은 사용자가 데이터를 삭제하였을 때 SSD 내부에서도 실제로 삭제하는 기법으로 유휴시간에 수행한다. 하지만, 디지털 포렌식 관점에서 본다면 디지털 범죄는 매년 급증하지만 데이터 미복구로 인한 검거율은 미흡하다. 본 논문에서는 기존 TRIM 명령의 장점인 안정성(Freezing Solution)과 쓰기 속도를 최대한 지원하며 선별적으로 데이터를 관리하여 삭제하는 기법을 제안한다. 실험을 통해 기존 기법과 선별된 기법의 성능을 측정하여 검증한다.

Keywords

References

  1. I. R. Jeong, D. W. Hong, and K. I. Chung, "Technologies and Trends of Digital Forensics", Electronics and Telecommunications Research Institute, Electronics and Telecommunications Trends, Vol.22, No.1, pp.97-104, 2007.
  2. D. H. Kang and Y. I. Eom, "Analyses of the Characteristics of Trim Command in Solid State Drives," Proc. of the Korean Information Science Society Conference, Vol.2014, No.6, Jun., 2014.
  3. H. S. Shin, "A Study on the possibility of logical data recovery of SSD consequential enable TRIM," Dongguk Graduate School of International Affairs & Information G, Aug., 2013.
  4. Forensic-proof, "SSD Forensics: TRIM Command," [Internet], http://forensic-proof.com.
  5. S. H. Lee, M. S. Shin, and D.-J. Park, "Preventing Deleted File Recovery using Block Permutation on NAND Flash Memory," KIISE: Database, Vol.39, No.6, Dec., 2012.
  6. B. Dipert and M. Levy, "Designing with Flash Memory," Annabooks Publisher Poway, CA, USA, 1993.
  7. S.-W. Lee, D.-J. Park, et al., "A log buffer-based flash translation layer using fully-associative sector translation". ACM Transactions on Embedded Computing Systems, Vol.6, No.3, Jul., 2007.
  8. L.-P. Chang, T.-W. Kuo, and S.-W. Lo, "Real-Time Garbage Collection for Flash-Memory Storage Systems of Real-Time Embedded Systems," ACM Transactions on Embedded Computing Systems, Vol.3. No.4, Nov., 2004.
  9. X. Wang and J. Wang, "A Wear-Leveling Algorithm for Nand Flash in Embedded System," 5th IEEE Intemational Symposium on Embedded Computing, Oct., 2008.
  10. M. Saxena and M. M. Swift, "FlashVM: Virtual memory management on flash," Proc. of the 2010 USENIX Annual Technical Conf. (USENIX ATC), Jun., 2010.
  11. J. Kim, H. Kim, S. Lee, and Y. Won, "FTL design for TRIM command," Proc. of 5th Int'l Workshop on Software Support for Portable Storage (IWSSPS), 2010.
  12. N. Agrawal, V. Prabhakaran, T. Wobber, J. D. Davis, M. Manasse, and R. Panigrahy. "Design tradeoffs for SSD performance," Proc. of USENIX Annual Technical Conference, Jun., 2008.
  13. [Internet], http://articles.forensicfocus.com/2012/10/23/whyssd-drives-destory-court-evidence-and-what-can-be-done-about-it/xhsl.