A Study of Trace for Data Wiping Tools

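  • 김연수 (Graduate School of Information Management and Security, Korea University)
  • 방제완 (Graduate School of Information Management and Security, Korea University)
  • 김진국 (Graduate School of Information Management and Security, Korea University)
  • 이상진 (Graduate School of Information Management and Security, Korea University)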
  • Received : 2009.09.23
  • Accepted : 2009.12.03
  • Published : 2010.04.30

Abstract

Data wiping is a technique that completely deletes data in storage so that it cannot be recovered. As personal information leakage incidents increase, the management of stored data is becoming more important. In particular, when data containing personal information must be discarded, using a wiping tool that permanently deletes the data prevents unnecessary leakage of personal information. Data wiping is also used for data security and privacy protection. However, data wiping can also be used to intentionally destroy evidence. Such intentional destruction of evidence is an important clue in a forensic investigation. This paper presents methods for detecting the usage of wiping tools in digital forensic investigation.
