DOI QR코드

DOI QR Code

플래시 메모리 기반 저장장치에서 디지털 포렌식을 위한 데이터 무결성에 영향을 주는 특성 및 기술 연구

A Study on Characteristics and Techniques that Affect Data Integrity for Digital Forensic on Flash Memory-Based Storage Devices

  • 이현섭 (백석대학교 컴퓨터공학부)
  • Hyun-Seob Lee (Division of Computer Engineering, Baekseok University)
  • 투고 : 2023.03.23
  • 심사 : 2023.05.07
  • 발행 : 2023.06.30

초록

디지털 포렌식에서 가장 중요하게 여기는 특징 중 하나는 무결성이다. 무결성은 데이터가 변조되지 않았음을 의미한다. 디지털 포렌식 과정에서 증거를 수집하는데 이 증거가 나중에 변조되었다면 증거로 사용될 수 없다. 아날로그 증거물은 사진을 찍어놓는 방식 등을 통해 변조된 사실을 쉽게 파악할 수 있다. 그러나 저장매체 속의 데이터 즉, 디지털 증거는 눈에 보이지 않기 때문에 변조되었는지 알기가 어렵다. 그래서 이 증거 데이터가 증거 수집 단계에서 법정 제출까지의 과정 중 변조가 되지 않았음을 증명하기 위해 해시값을 사용한다. 해시값은 증거 수집 단계에서 저장 데이터로부터 수집한다. 그러나 NAND 플래시 메모리는 내부적인 동작의 특성 때문에 시간이 지나면 물리적 데이터 형상이 수집 단계와 달라질 수 있다. 본 논문에서는 고의적인 데이터 훼손을 시도하지 않더라도 플래시 메모리의 물리적 형상이 변경될 수 있는 플래시 메모리의 특성 및 기술들을 연구한다.

One of the most important characteristics of digital forensics is integrity. Integrity means that the data has not been tampered with. If evidence is collected during digital forensic and later tampered with, it cannot be used as evidence. With analog evidence, it's easy to see if it's been tampered with, for example, by taking a picture of it. However, the data on the storage media, or digital evidence, is invisible, so it is difficult to tell if it has been tampered with. Therefore, hash values are used to prove that the evidence data has not been tampered with during the process of collecting evidence and submitting it to the court. The hash value is collected from the stored data during the evidence collection phase. However, due to the internal behavior of NAND flash memory, the physical data shape may change over time from the acquisition phase. In this paper, we study the characteristics and techniques of flash memory that can cause the physical shape of flash memory to change even if no intentional data corruption is attempted.

키워드

과제정보

This paper was supported by 2023 Baekseok University Research Fund

참고문헌

  1. H.J.Seong, J.H.Jung, K.R.Park and S.J.Cho, "Research Trends in Vehicle Digital Forensics Focused on Infotainment Systems and Mobile Devices," Journal of KIISE, Vol.41, No.1, pp.38-45, 2023.
  2. J.O.Lee and T.S.Shin, "Forensics for Android and Linux-based file system on IoT platform," Journal of Digital Contents Society, Vol.23, No.2, pp.335-342, 2023. https://doi.org/10.9728/dcs.2023.24.2.335
  3. W.K.Jung and S.J.Lee, "Measures to maintain the admissibility of evidence for taking over digital evidence in accordance with the adjustment of the police.prosecution investigation authority," Journal of Digital Forensics, Vol.16, No.2, pp.126-141, 2022. https://doi.org/10.22798/KDFS.2022.16.2.126
  4. H.J.Jung and S.J.Lee, "Digital forensic technology trends in the Internet of Things era," Journal of KIISE, Vol.38, No.9, pp.33-39, 2020.
  5. S.B.Suhaili, C.C.A.Niam, Z.M.Zainn and N.Julai, "Design and Implementation of MD5 Hash Function Algorithm Using Verilog HDL," Proceedings of the 12th National Technical Seminar on Unmanned System Technology 2020, Vol.770, pp.499-510, 2021.
  6. U.Kumar and V.C.Venkaiah, "A New Modified MD5-224 Bits Hash Function and an Efficient Message Authentication Code Based on Quasigroups," Cyber Security, Privacy and Networking, Vol.370, 2022.
  7. F.Zhai, P.Tao, B.Xu, X.Liang and Y.Cao, "Research and System Design of Remote Comparison Method for Embedded Device Files," 2022 International Symposium on Advances in Informatics, Electronics and Education (ISAIEE). pp.137-141, 2022.
  8. M.Ali, A.Ismail, H.Elgohary, S.Darwish and S.Mesbah, "A Procedure for Tracing Chain of Custody in Digital Image Forensics: A Paradigm Based on Grey Hash and Blockchain," Symmetry, Vol.14 No.2, pp.344, 2022.
  9. Z.Wang, X.Dong, Y.Kang and H.Chen, "Parallel SHA-256 on SW26010 many-core processor for hashing of multiple messages," The Journal of Supercomputing, Vol.79, pp.2332-2355, 2022.
  10. E.A.Adeniy, P.B.Falola, M.S.Maashi, M.Aljebreen and S.Bharany," Information, Vol.13, No.10, pp.442, 2022.
  11. M.Yang, Y.Zhang, B.Yang, H.Wang, S.Yin, S.Wei, L.Liu, "A SHA-512 Hardware Implementation Based on Block RAM Storage Structure," 2022 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), pp.132-135, 2022.
  12. D.P.Purba, "Analisa Dan Perbandingan Algoritma Whirpool Dan Sha-512 Dalam Penyandian Data Gambar," Bulletin of Artificial Intelligence, Vol.1, No.1, pp.8-12, 2022. https://doi.org/10.62866/buai.v1i1.2
  13. H.S.Lee, "A Prediction-Based Data Read Ahead Policy using Decision Tree for improving the performance of NAND flash memory based storage devices," The Korea Internet of Things Society, Vol.8, No.4, pp.9-15, 2022.
  14. H.S.Lee, "A Safety IO Throttling Method Inducting Differential End of Life to Improving the Reliability of Big Data Maintenance in the SSD based RAID," The Society of Digital Policy & Management, Vol.20, No.5, pp.593-598, 2022.
  15. H.S.Lee, "Performance analysis and prediction through various over-provision on NAND flash memory based storage," The Society of Digital Policy & Management, Vol.20, No.3, pp.343-348, 2022.
  16. H.S.Lee, "A method for optimizing lifetime prediction of a storage device using the frequency of occurrence of defects in NAND flash memory," The Korea Internet of Things Society, Vol.7, No.4, pp.9-14, 2021.