Browse > Article
http://dx.doi.org/10.3745/KTCCS.2017.6.1.17

Process of Collection for a Removable Storage Device Image Using a Software  

Baek, Hyun Woo (고려대학교 정보보호대학원 정보보호학과)
Jeon, Sang Jun (고려대학교 정보보호대학원 디지털포렌식연구센터)
Lee, Sang Jin (고려대학교 정보보호대학원)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.1, 2017 , pp. 17-24 More about this Journal
Abstract
As the prevalence of removable device, critical intelligences are often stored in the removable device. For that reason, in seizure and search, the removable device became a important evidence of while it could be has a salient key for prove a crime. When we acquired a removable device for proof, we image it by a imaging device or software with a write protection. However, these are high-priced exclusive equipments and sometimes it could be out of order. In addition, we found that some secure USB and inbuilt vaccine USB are failed to connect to the imaging device. Therefore, in this paper, we provide a suitable digital evidence collection procedure for real.
Keywords
Removable Storage Device; Imaging; Secure USB; Write Blocker; Imaging Device;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Lee, Sun-Ho and Im-Yeong Lee, "A study on security solution for USB flash drive," Journal of Korea Multimed ia Society, Vol.13, No.1, pp.93-101, 2010.
2 "Computer Forensics Guideline," Telecommunications Technology, Association, 2007. 12. 26.
3 Hye-Won Lee, Chang-Wook Park, Guen-Gi Lee, Kwon-YoupKim, and Sang-Jin Lee, "Secure USB Analysis in Forensic perspective," The Korea Society of Broadcast Engineers Conference, pp.63-65, 2008.
4 "Removable Storage Device Security Manage ment Guidelines," National Intelligence Service, 2007.
5 Sung-Min Jang, Jung-Heum Park, Chan-Ung Pak, and Sang-Jin Lee, "The Research for Digital Evidence Acquisition Procedure within a Full Disk Encryption Environment," Journal of The Korea Institute of Information Security & Cryptology, Vol.25, No.1, 2015.
6 Keun-Gi Lee, Hye-Won Lee, Chang-Wook Park, Je-Wan Bang, Kwon-youp Kim, and Sangjin Lee, "USBPassOn: Secure USB Thumb Drive Forensic Toolkit," 2008 Second International Conference on Future Generation Communication and Networking, Vol.2, IEEE 2008.
7 C. Hargreaves and H. Chivers, "Recovery of Encryption Keys from Memory Using a Linear Scan," The Third International Conference on Availability Reliability and Security, pp. 1369-1376, Mar., 2008.
8 Minho Kim, Hyunuk Hwang, Kibom Kim, Taejoo Chang, Minsu Kim, and Bongnam Noh, "Vulnerability Analysis Method of Software-based Secure USB," Journal of The Korea Institute of Information Security & Cryptology, Vol.22, No.6, pp.1345-1354, 2012.
9 "Rules relating to the collection and processing of digital evidence," National Police Agency, Directive, No.766, 2015.05.22.
10 "Study on the procedures and facilities for maintaining the integrity of digital evidence," Supreme Prosecutor's Office, 2006. 06.
11 "Digital Forensics: How to configure Windows Investigative Workstations," SANS Digital Forensics and Incident Response Blog, 2010. 12.
12 SecuDrive [Internet], http://www.secudrive.co.kr/.
13 SaferZone [Internet], http://www.saferzone.com/saferzone/sub01_02_ 01.asp.
14 TurboVaccine [Internet], http://www.turbovaccine.com/sub/usb_otg2.asp.