• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.463-470
• /
• 2016

With the growing demand for MAC-based system, the need for digital forensic techniques of these system has been increasing. In the digital forensic analysis process, sometimes analysts have recovered the deleted files when they prove the allegations if system user try to remove the evidence deliberately. Research and analysis that recover the deleted files from a file system constantly been made and HFS+ that is a file system of MAC-based system also has been researched. Carving techniques primarily has been used to recover the deleted file from HFS+ a file system because metadata of folder or file overwrite metadata of a deleted file when file is deleted from a file system on HFS+ characteristic. But if the file content is saved by separated state in a file system, Carving techniques also can't recover the whole or a part of the deleted file. In this paper we describe technique the deleted file recovery technique using HFS+ file system a journal. This technique that is suggested by existing research and analysis result is the technique that recover the deleted file by metadata that is maintained in a journal on HFS+ file system. but this technique excludes specific files and this problem needs to be reformed. In this paper we suggest algorithm that analysis a journal of HFS+ file system in detail. And we demonstrate that the deleted file cat be recovered from the extracted metadata by this algorithm without the excluded file.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.107-118
• /
• 2010

This paper proposes a digital forensic method to a file creation transaction using a journal file($LogFile) on NTFS File System. The journal file contains lots of information which can help recovering the file system when system failure happens, so knowledge of the structure is very helpful for a forensic analysis. The structure of the journal file, however, is not officially opened. We find out the journal file structure with analyzing the structure of log records by using reverse engineering. We show the digital forensic procedure extracting information from the log records of a sample file created on a NTFS volume. The related log records are as follows: bitmap and segment allocation information of MFT entry, index entry allocation information, resident value update information($FILE_NAME, $STANDARD_INFORMATION, and INDEX_ALLOCATION attribute etc.).

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.21-28
• /
• 2016

File Time information has a significant meaning in digital forensic investigation. File time information in Linux Ext4 (Extended File System 4) environment is the Access Time, Modification Time, Inode Change Time, Deletion Time and Creation Time. File time is variously changed by user manipulations such as creation, copy and edit. And, the study of file time change is necessary for evidence analysis. This study analyzes the change in time information of files or folders resulting from user manipulations in Linux operating system and analyzes ways to determine real time of malware infection and whether the file was modulation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.302-304
• /
• 2013

The embedded systems on linux environment, commonly equip a file system as mini hard disk or flash memory to keep data. The types of the file system of the system are various according to it's operating system. Anyway, the more embedded system depends on the file system, the selection of the type of the file system effects more on the performance of the system. This thesis performs the performance benchmark of a FAT and Ext file systems. As the result, it is discussed that what file system is better at which case. These results are helpful at the selection of flash file system of the embedded systems on linux environment.

• Journal of the Institute of Convergence Signal Processing
• /
• v.14 no.3
• /
• pp.181-190
• /
• 2013

In this paper, we designed file system in order to utilize data analysis by using correlation result from Daejeon correlator including related software development. Correlation results are consisted of visibility component (amplitude and phase) of radio source, but for data analysis of correlation result, various information such as weather, radio telescope position, observation time, radio source position, source type, and receiver noise temperature are needed. In this paper, we designed file system as a directory-structure for making use of these informations at Linux system for analyzing data and developed software to make file system. To verify the effectiveness of designed file system and developed software, file system generation experiment is conducted, and then astronomers accepted that there is no severe problem for scientific analysis using designed file system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.1
• /
• pp.109-114
• /
• 2014

Recently the operating system share of linux on embedded system is increasing. The embedded systems on linux environment, commonly equip a file system as mini hard disk or flash memory to keep data. The types of the file system of the system are various according to it's operating system. Anyway, the more embedded system depends on the file system, the selection of the type of the file system effects more on the performance of the system. This thesis performs the performance benchmark of a FAT and Ext file systems which are most popular in embedded system. As the result, it is discussed that what file system is better at which case. These results will be a index at the selection of flash file system of the embedded systems on linux environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.1
• /
• pp.136-140
• /
• 2015

Linux environment that is commonly used at embedded systems supports various file systems as Ext2, FAT, NTFS, etc. The file system that is equiped on the embedded system is mostly implemented on mini hard disk or flash memory. The types of the file system of the system make an effect on the performance of a application programs. The factors of file system performance on a same media are block read, block write and block free time. On these factors, block read and block free time are not so different according to the type of file systems. This paper evaluates the performance benchmark of file systems supported by linux about block allocation and write performance. The results obtained from various experiments shows the characteristics of each file system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.355-357
• /
• 2014

Linux environment that is commonly used at embedded systems, supports various file systems as Ext2, FAT, NTFS, ets. The file system that is equiped on the embedded system is mostly implemented on mini hard disk or flash memory. The types of the file system of the system make an effect on the performance of a application programs. The factors of file system performance on a same media are block allocation and block free time. On these factors, block free time is not so different according to the type of file systems. This thesis performs the performance benchmark of a Ext2, FAT and NTFS file systems about block allocation performance. As the result, it is discussed that what file system is better at which case.

• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.195-204
• /
• 2008

As the dependency to network system and demands of efficient storage systems rapidly grows in every networking filed, the current trends initiated by explosive networked data grow due to the wide-spread of internet multimedia data and internet requires a paradigm shift from computing-centric to data-centric in storage systems. Furthermore, the new environment of file systems such as SAN(Storage Area Network) is adopted to the existing storage paradigm for providing high availability and efficient data access. We describe the design issues and system components of $SANique^{TM}$, which is the cluster file system based on SAN environment. We, especially, present the comparative results of performance analysis for the intensive I/O test by using the DBMSs that are operated at the top of cluster file system $SANique^{TM}$, EXT3 and NFS respectively.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.100-102
• /
• 2001

Intensive I/O bandwidth demand of the multimedia streaming service puts significant burden on file system. Different from the legacy text based or image data, the semantics of the data in multimedia format can be significantly affected if the data block is not delivered by the predefined deadline. The legacy file system used in Unix or Unix like environment is designed to efficiently handle the files who sizes range from few hundreds of byte to several tens of gigabytes. This fundamental design philosophy results in the file system based on multi level skewed tree structure. Multi level i-node structure has significant drawback when the application performs sequential read operation. In this article, we present the result of the performance study of the file system which is specifically designed for handling multimedia streams. We implemented the file system on Linux Operating System environment and examines the performance behavior of the file system under streaming I/O workload. The result of the study shows that the proposed file system performs much more efficiently than the ext2 file system of Linux does.