Browse > Article
http://dx.doi.org/10.3745/KTCCS.2017.6.1.25

A Recovery Technique of PDF File in the Unit of Page  

Jang, Jeewon (고려대학교 정보보호대학원 정보보호학과)
Bang, Seung Gyu (고려대학교 정보보호대학원 정보보호학과)
Han, Jaehyeok (고려대학교 정보보호대학원 정보보호학과)
Lee, Sang Jin (고려대학교 정보보호대학원)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.1, 2017 , pp. 25-30 More about this Journal
Abstract
The influence of the data deletion method which is one of anti-forensic techniques is substantial in terms of forensic analysis compared to its simplicity of the act. In academic world, recovery techniques on deleted files have been continuously studied in response to the data deletion method and representatively, the file system-based file recovery technique and file format based recovery technique exist. If there's metadata of deleted file in file system, the file can be easily recovered by using it, but if there's no metadata, the file is recovered by using the signature-based carving technique or the file format based recovery technique has to be applied. At this time, in the file format based recovery technique, the file structure analysis and possible recovery technique should be provided. This paper proposes the page recovery technique on deleted PDF file based on the structural characteristics of PDF file. This technique uses the tag value of page object which constitutes one page of PDF file. Object is extracted by utilizing each tag value as a kind of signature and by analyzing extracted object, the metadata of PDF file is recombined and then it's reconfigured page by page. Recovering by page means that even if deleted PDF file is damaged, even some pages consisting of PDF file can be recovered. Generally, if the file system based file is not recoverable, deleted file is recovered by applying the signature based carving technique. The technique which we proposed in this paper can recover PDF files that are damaged. In the digital forensic perspective, it can be utilized to recover more data than previously.
Keywords
Damaged PDF File; Page Object; PDF; PDF Object Tag; PDF Page; Recovery; Digital Forensic;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Adobe Systems Incorporated, Document management - Portable document format - Part 1: PDF 1.7, Adobe Systems Incorporated, 2008.
2 Gyu-an Lee, Dae-woo Park, and Young-Tae Shin, "A Study on Rivalry Technology of Anti-Digital Forensic," Proceedings of the Korean Society of Computer Information Conference, Vol.16, No.1, pp.183-188, 2008.
3 Jae-hyoung Ahn, Jung-heum Park, and Sang-jin Lee, "The Research on the Recovery Techniques of Deleted Files in the XFS Filesystem," Journal of the Korea Institute of Information Security & Cryptology, Vol.24, No.5, pp.885-896, 2014.   DOI
4 TaeSuk Kwon, KeunDuck Byun, Sangjin Lee, and Jongin Lim, "Design of an efficient file carving algorithm in a forensic perspective," Korea Society of Broadcast Engineering, pp.205-208, 2008.
5 Dohyun Kim, Jungheum Park, and Sangjin Lee, "File Carving for Ext4 File System on Android OS," Journal of the Korea Institute of Information Security & Cryptology, Vol.23, No.3, pp.417-429, 2013.   DOI
6 Yonghak Shin, Junyoung Cheon, and Jongsung Kim, "Study on Recovery Techniques for the Deleted or Damaged Event Log(EVTX) Files," Journal of the Korea Institute of Information Security & Cryptology, Vol.26, No.2, pp.387-396, 2016.   DOI
7 Jaeung Namgung, Ilyoung Hong, Jungheum Park, and Sangjin Lee, "A research for partition recovery method in a forensic perspective," Journal of the Korea Institute of Information Security & Cryptology, Vol.23, No.4, pp.655-666, 2013.   DOI
8 Byeongyeong Yoo, Jungheum Park, Jewan Bang, and Sangjin Lee, "A Study on Extracting the Document Text for Unallocated Areas of Data Fragments," Journal of the Korea Institute of Information Security & Cryptology, Vol.20, No.6, pp.43-51, 2010.
9 Hyunji Chung, Jungheum Park, and Sangjin Lee, "Forensic Analysis of Residual Information in Adobe PDF Files," in Communications in Computer and Information Science, PART 2, Vol.185, pp.100-109, 2011.