Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.4.753

A Study of Checking the Job History of External USB Media  

Lee, Seongjae (The Attached Institute of ETRI)
Noh, Bongnam (Chonnam National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.4, 2017 , pp. 753-761 More about this Journal
Abstract
Recently, malicious code infiltration and leakage of confidential documents using external USB medium are frequently occurring in each field. We investigate the media to investigate incidents using external USB media, but there are many difficulties in that they can be lost or damaged. Ultimately, in order to investigate cases of external USB media, it is necessary to conduct a direct analysis of the external USB media as well as the system to which the media is connected. This paper describes an analysis of the artifacts of Windows systems to which external USB media is connected, and how to check the job history on the media. Therefore, it is expected that the system can be used to analyze the job history of the USB medium even if the external USB medium is not secured.
Keywords
USB Storage; USB Media; USB Media Forensic;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Dongho Won, "USB memory storage mark et trend in USA", Retrieved from http://news.kotra.or.kr/user/globalBbs/kotranews/25/globalBbsDataView.do?setIdx=254&dataIdx=136436&pageViewType=&column=title&search=%EB%AF%B8%EA%B5%AD%20usb&searchAreaCd=&searchNationCd=&searchTradeCd=&searchStartDate=&searchEndDate=&searchCategoryIdxs=&searchIndustryCateIdx=&searchItemCode=&searchItemName=&page=1&row=10KOTRA, Oct. 2014.
2 Jin-Kuk Kim, "USB Device Tracking on Windows", Retrieved from http:// forensic-proof.com/archives/3632, Jun, 2012.
3 Tanushree Roy, Aruna Jain, "Windows Registry Forensics : An Imperative Step in Tracking Data Theft via USB Devices", International Journal of Computer Science and Information Technologies, vol3, pp.4427-4433, 2012
4 Jan Axelson, "USB Complete 3rd", acornpub, pp.101-103, Jan. 2011.
5 Jason Hale, "The Windows 7 Event Log and USB Device Tracking", Retrieved from http://dfstream.blogspot.kr/2014/01/the-windows-7-event-log-and-usb-device.html, Jan. 2014.
6 Microsoft Corporation, "Shell Link (.LNK) Binary File Format", pp.10-15, Jul, 2016.
7 Narasimha Shashidhar, Dylan Novak, "Digital Forensic Analysis on Prefetch Files", International Journal on Information Security Science, Vol.4, pp.39-49, Jun. 2015.
8 Chan-Youn Lee, Sangjin Lee, "Structure and application of IconCach e.db files for digital forensics", Digital Investigation, Vol.11, pp.102-110, May. 2014.   DOI