Analysis of Windows Vista Security System for Forensic Examination

Analysis of the Windows Vista Security System for Forensic Investigation (original Korean title: 포렌식 조사를 위한 윈도우 비스타 보안 체계 분석)

  • 황성호 (Konkuk University, Department of Computer Engineering);
  • 남현우 (Konkuk University, Department of Computer Engineering);
  • 박능수 (Konkuk University, Department of Computer Engineering);
  • 조수형 (ETRI, Cryptography Research Team);
  • 홍도원 (ETRI, Cryptography Research Team)
  • Published: 2008.06.30

Abstract

Windows Vista, published by Microsoft, provides more powerful security mechanisms than previous Windows operating systems. From a forensic point of view, these new security mechanisms make it more difficult to obtain crime-related data from a storage device. In this paper, we analyze BitLocker, a new security mechanism introduced in Windows Vista. We also discuss, from a forensic point of view, the changes to UAC and EFS in Windows Vista compared with previous Windows operating systems and the security issues they raise. Furthermore, we discuss other characteristics of Windows Vista that are useful for forensic examinations.

Windows Vista, newly released by Microsoft in the winter of 2006, provides strong security mechanisms compared with previous Windows operating systems. However, when a computer is used in a crime, these new security mechanisms make it even harder, from a forensic point of view, to acquire the crime-related data stored on the storage device. In this paper, we analyze BitLocker, a security mechanism newly used in Windows Vista, examine what has changed in UAC and EFS relative to earlier Windows versions, and examine the main security issues from a forensic point of view. We also examine other Windows Vista characteristics that can be used from a forensic point of view.
