• Title/Summary/Keyword: Log Record

Method for Finding Related Object File for a Computer Forensics in a Log Record of $LogFile of NTFS File System (NTFS 파일시스템의 $LogFile의 로그레코드에 연관된 컴퓨터 포렌식 대상 파일을 찾기 위한 방법)

  • Cho, Gyu-Sang
    • Journal of the Institute of Electronics Engineers of Korea CI / v.49 no.4 / pp.1-8 / 2012
  • The NTFS journaling file ($LogFile) is used to keep the file system clean in the event of a system crash or power failure. Operations on files leave large amounts of information in the $LogFile. Despite the importance of the journal file as a forensic evidence repository, its structure is not well documented. The researchers used reverse engineering to gain a better understanding of the address parts of the log record structures, and used those addresses to identify object files and obtain forensic information.

A Stability Verification of Backup System for Disaster Recovery (재해 복구를 위한 백업 시스템의 안정성 검증)

  • Lee, Moon-Goo
    • Journal of the Institute of Electronics and Information Engineers / v.49 no.9 / pp.205-214 / 2012
  • The main concern of IT operation managers is protecting corporate assets from system failure and disaster. Therefore, this research proposes a backup system for disaster recovery. In the previous backup method, when a database update occurs, the record is saved in the redo log, and if the size of the record file exceeds the expected size, the file is saved in the archive log in order. Thus, data loss errors can occur during the backup of data that changes in real time while the database is being changed. The suggested backup system backs the redo log up to the transaction log database in real time, and backs up to the archive log the records that could be omitted by the previous backup method. When recovering data, the redo log can be recovered online in real time, which minimizes data loss. Also, data recovery is performed with a multi-thread processing method, and the system is designed to improve performance. To verify the stability of the backup system, CPN (Coloured Petri Net) is introduced, each step of the backup system is displayed in diagram form, and the stability is verified based on the definition and theorem of CPN.

A Recovery Technique Using Client-based Logging in Client/Server Environment

  • Park, Yong-Mun;Lee, Chan-Seob;Kim, Dong-Hyuk;Park, Eui-In
    • Proceedings of the IEEK Conference / 2002.07a / pp.429-432 / 2002
  • The existing recovery technique based on logging in client/server database systems administers the log only as a whole in the server. This potentially incurs a log record transmission cost for the transactions executed in each client and increases network traffic. In this paper, a logging technique for a redo-only log is suggested, which removes the redundant before-image and supports client-based logging to eliminate the transmission cost of log records. In case of a client crash, redo recovery is performed in a self-recovering way through a backward analysis of the client log. In case of a server crash, only the after-images of the pages that need recovery are transmitted, identified through simultaneous backward log analysis, and redo recovery is done using the received after-images and the backward log analysis. We also select a comparison model to estimate the performance of the proposed recovery technique, and we analyze the redo and recovery time as the number of clients and the rate of update operations change.

An Efficient Scheme of Performing Pending Actions for the Removal of Database Files (데이터베이스 파일의 삭제를 위한 미처리 연산의 효율적 수행 기법)

  • Park, Jun-Hyun;Park, Young-Chul
    • Journal of KIISE:Databases / v.28 no.3 / pp.494-511 / 2001
  • For environments in which database management systems directly manage the disk space for storing databases, this paper proposes a correct and efficient scheme of performing pending actions for the removal of database files. When performing recovery, the recovery process must identify the unperformed pending actions of not-yet-terminated transactions and then perform those actions completely. The basic idea of this paper is to make the recovery process identify those actions through the analysis of log records in the log file. This scheme, as an extension of the transaction execution, fuzzy checkpoint, and recovery of ARIES, uses the following methods. First, to identify not-yet-terminated transactions during recovery, transactions perform pending actions after writing 'pa_start' log records that signify both the commit of the transaction and the start of executing pending actions, and then write 'end' log records. Second, to restore the pending-actions-lists of not-yet-terminated transactions during recovery, each transaction records its pending-actions-list in its 'pa_start' log record, and the checkpoint process records the pending-actions-lists of transactions that are decided to be committed in the 'end_chkpt' log record. Third, to identify the next pending action to perform during recovery, whenever a page is updated during the execution of pending actions, transactions record the information that identifies the next pending action to perform in the log record that holds the redo information for the page.

A Basic Study on Improvement and Computerization of Nursing Record (간호기록의 개선과 전산화를 위한 기초연구)

  • 지성애;최경숙;박경숙;정용기
    • Journal of Korean Academy of Nursing / v.29 no.1 / pp.21-33 / 1999
  • This study was designed to develop a basic plan for the computerization of nursing records. The subjects were 7 nursing record forms, 58 charts, 23 nurses, 2 nurse managers, a nurse and computer specialist, 16 master course students and 3 professors. Data collection was conducted through questionnaire, observation and interview. The collected data were analyzed for problems, plans for improvement and needs for computerization. Based upon these results, it is recommended that a basic plan is needed to integrate the needs of nursing record computerization. The basic plan is as follows: 1. To illustrate a data flow path of the nursing record and a data dictionary that show the nurse's work and record process. 2. To establish a system that uses multi-tasking and a graphic user interface. 3. To establish hardware and software that embody integrated management of a computer-based system through structured walkthrough. 4. To choose an effective database management system and to use the Log as the record unit.

A Precursor Phenomena Analysis of APT Hacking Attack and IP Traceback (APT 해킹 공격에 대한 전조현상 분석 및 IP역추적)

  • Noh, Jung Ho;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.275-278 / 2013
  • Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.

Selective Redo Recovery Scheme for Fine-Granularity Locking in Database Management (데이터베이스 관리 시스템에서 섬세 입자 잠금기법을 위한 선택적 재수행 회복기법)

  • 이상희
    • Journal of the Korea Society of Computer and Information / v.6 no.2 / pp.27-33 / 2001
  • In this thesis, we present a simple and efficient recovery method, called ARIES/SR (ARIES/Selective Redo), which is based on ARIES (Algorithm for Recovery and Isolation Exploiting Semantics). ARIES performs redo for all updates done by either nonloser or loser transactions, and thus significant overhead appears during restart after a system failure. To reduce this overhead, we propose the ARIES/SR recovery algorithm. In this algorithm, to reduce the redo operations, redo is performed using the log records for updates done only by nonloser transactions. Also, to reduce recovery operations, selective undo is performed using the log records for updates done only by loser transactions.

Drone Flight Record Forensic System through DUML Packet Analysis (DUML 패킷 분석을 통한 드론 비행기록 포렌식 시스템)

  • YeoHoon Yoon;Joobeom Yun
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.103-114 / 2024
  • In a situation where drone-related crimes continue to rise, research in drone forensics becomes crucial for preventing and responding to incidents involving drones. Conducting forensic analysis on flight record files stored internally is essential for investigating illegal activities. However, analyzing flight record files generated through the exclusive DUML protocol requires a deep understanding of the protocol's structure and characteristics. Additionally, a forensic analysis tool capable of handling cryptographic payloads and analyzing various drone models is imperative. Therefore, this study presents the methods and characteristics of flight record files generated by drones. It also explains the structure of the flight record file and the features of the DUML packet. Ultimately, we conduct forensic analysis based on the presented structure of the DUML packet and propose an extension forensic analysis system that operates more universally than existing tools, performing expanded syntactic analysis.

Analysis of Security Vulnerability on Firewall Logging Mechanism against DDoS Attack (DDoS 공격에 대한 방화벽 로그 기록 취약점 분석)

  • Choun, Jun-Ho;Jang, Kun-Won;Jun, Moon-Seog;Shin, Dong-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.143-148 / 2007
  • Under mass traffic, a firewall system cannot record log files normally during a DDoS attack. The loss of log records means that the firewall system does not know whether a packet was normally filtered or not, and the firewall log, which is essential data for countermeasures against intrusion incidents, cannot be verified as trusted. As network speed increases, these problems happen more frequently and on a larger scale. Accordingly, simply adding hardware devices is not a recommended approach for the widespread adoption of firewalls. This paper verifies the loss of the iptables log, which is the basis of most domestic firewall systems, and shows that the log handling methods of conventional firewall systems need to be improved.

Automatic Test Report Recording Program Design and Implementation for Integration Test (통합시험을 위한 자동 시험일지 작성프로그램 설계 및 구현)

  • Jeong, Younghwan;Song, Kyoungrok;Lee, Wonsik;Wi, Sounghyouk
    • KIISE Transactions on Computing Practices / v.24 no.1 / pp.33-39 / 2018
  • For the integration test in the current field of defense simulation, the logging information of each piece of actual equipment and each simulator is automated. Although the events of the integrated test system are written in the test log, this is not automated and relies on the operator's handwriting or file creation, resulting in inefficiencies such as low-quality record content and repetition of the same content. In this study, we propose an automatic test report recording program that solves these problems. The automatic test report recording program uses framework-based technology to receive information from the test control computer and the user to record a log of the test log. The automatic test report recording program allows the user to record repeated test content in a stable manner. Additionally, even if the number of test operators is limited, the efficiency is improved so that we can focus on the integration test.