• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.25-30
• /
• 2017

The influence of the data deletion method which is one of anti-forensic techniques is substantial in terms of forensic analysis compared to its simplicity of the act. In academic world, recovery techniques on deleted files have been continuously studied in response to the data deletion method and representatively, the file system-based file recovery technique and file format based recovery technique exist. If there's metadata of deleted file in file system, the file can be easily recovered by using it, but if there's no metadata, the file is recovered by using the signature-based carving technique or the file format based recovery technique has to be applied. At this time, in the file format based recovery technique, the file structure analysis and possible recovery technique should be provided. This paper proposes the page recovery technique on deleted PDF file based on the structural characteristics of PDF file. This technique uses the tag value of page object which constitutes one page of PDF file. Object is extracted by utilizing each tag value as a kind of signature and by analyzing extracted object, the metadata of PDF file is recombined and then it's reconfigured page by page. Recovering by page means that even if deleted PDF file is damaged, even some pages consisting of PDF file can be recovered. Generally, if the file system based file is not recoverable, deleted file is recovered by applying the signature based carving technique. The technique which we proposed in this paper can recover PDF files that are damaged. In the digital forensic perspective, it can be utilized to recover more data than previously.

• Journal of KIISE
• /
• v.43 no.7
• /
• pp.744-750
• /
• 2016

Recent cloud infrastructures provide competitive performances and operation costs for many internet services through pay-per-use model. Particularly, object storages are highlighted, as they have unlimited file holding capacity and allow users to access the stored files anytime and anywhere. Several lines of research are based on cloud-backed file systems, which support traditional POSIX interface rather than RESTful APIs via HTTP. However, these existing file systems handle all files with uniform size backing objects. Consequently, the accesses to cloud object storages are likely to be inefficient. In our research, files are profiled according to characteristics, and appropriate backing unit sizes are determined. We experimentally verify that different backing unit sizes for the object storage improve the performance of cloud-backed file systems. In our comparative experiments with S3QL, our prototype cloud-backed file system shows faster performance by 18.6% on average.

• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.1
• /
• pp.10-18
• /
• 2022

Since High Sierra, APFS has been used as the main file system. It is a well-established file system that has been used stably thus far. From the perspective of digital forensics, there are still many areas to be investigated. Apple File System Reference is provided to the apple developer site, but it is not satisfactory to fully analyze APFS. Researchers know more about the structure of APFS than before, but they have not yet fully analyzed its structure to a perfect level about it. In this paper, we develop APFS object identification tool for digital forensics. The most basic and essential object identification and analysis of the APFS filesystem will be conducted with the tool. The analysis in this study serves as the background for an analysis of the checkpoint operation principle and structure, including the more complex B-tree structure of APFS. There are several options for the developed tool, but the results of two use cases will be shown here. Based on the implemented tool, it is hoped that more functions will be added to make APFS a useful tool for faster and more accurate analyses.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.3
• /
• pp.256-260
• /
• 2008

This paper describes an improvement of mount-time delay in NAND Flash file systems. To improve file system mount performance, this work configures a hierarchical storage system with byte-addressable NVRAM and NAND Flash memory, and let the meta data of a file system allocated in the NVRAM. Since the meta data are stored in NVRAM supporting data integrity some of the items, which are stored in Spare area and Object Header area of NAND Flash memory to control meta data of NAND Flash file system, could be eliminated. And also, this work eliminates the scanning operation of the Object Header area of previous work FRASH1.0. The scanning operation is definitely required to find out the empty Object Header address for storing the Object Header data and provokes a certain amount of performance loss in file generation and deletion. In this work, an implemented file system, so-called FRASH1.5, is demonstrated, featuring new data structures and new algorithms. The mount time of FRASH1.5 becomes twice as fast as that of the FRASH1.0. The performance in file generation gets improved by about $3{\sim}8%$. In particular, for most large-size files, the FRASH1.5 has 8 times faster mount time than YAFFS, without any performance loss as seen in the file generation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.861-870
• /
• 2014

According to the intelligence of the malicious code to extract the executable file in physical memory is emerging as an import researh issue. In previous physical memory studies on executable file extraction which is targeting running files, they are not extracted as same as original file saved in disc. Therefore, we need a method that can extract files as same as original one saved in disc and also can analyze file-information loaded in physical memory. In this paper, we provide a method that executable file extraction by analyzing information of Windows kernel file object. Also we analyze the characteristic of physical memory loaded file data from the experiment and we demonstrate superiority because the suggested method can effectively extract more of original file data than the existing method.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.1-8
• /
• 2012

The NTFS journaling file($LogFile) is used to keep the file system clean in the event of a system crash or power failure. The operation on files leaves large amounts of information in the $LogFile. Despite the importance of a journal file as a forensic evidence repository, its structure is not well documented. The researchers used reverse engineering in order to gain a better understanding of the log record structures of address parts, and utilized the address for identifying object files to gain forensic information.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.5
• /
• pp.25-33
• /
• 2010

Multi-media service has been changed into user based audio services, which service supports actively user's preference and interaction with the users. In the market, multi-media products which can support the highest audio-quality by using lossless audio technology have been released and object audio music which user can select the objects has been serviced. In this paper, we design user's preference information based object audio file format and audio scene description for storage and transmission media. The designed file format is designed based on MPEG-4 file format because high-quality audio codecs in MPEG-4 audio can be easily used and the track of file format can be flexibly controlled depend on the number of the instrument in music. The encoded audio data of each objects and encoded audio scene description by binary encoding that has independent track are packed in a file. The scene description for storage media is consist of full and object scene description, the scene description for transmission media has an essential description for object audio operation and a specific description for real audio sound. The designed file format based simulator is developed and it generates an object audio file with several scene descriptions. Also, the real audio sound is serviced by the interaction with user and the unpacked scene description.

• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.3
• /
• pp.1-7
• /
• 2022

This paper aims to compare the mean object size of M/G/1/PS model with that of M/BP/1 model used in the web service. The mean object size is one of important measure to control and manage web service economically. M/G/1/PS model utilizes the processor sharing in which CPU rotates in round-robin order giving time quantum to multiple tasks. M/BP/1 model uses the Bounded Pareto distribution to describe the web service according to file size. We may infer that the mean waiting latencies of M/G/1/PS and M/BP/1 model are equal to the mean waiting latency of the deterministic model using the round robin scheduling with the time quantum. Based on the inference, we can find the mean object size of M/G/1/PS model and M/BP/1 model, respectively. Numerical experiments show that when the system load is smaller than the medium, the mean object sizes of the M/G/1/PS model and the M/BP/1 model become the same. In particular, when the shaping parameter is 1.5 and the lower and upper bound of the file size is small in the M/BP/1 model, the mean object sizes of M/G/1/PS model and M/BP/1 model are the same. These results confirm that it is beneficial to use a small file size in a web service.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Smart Media Journal
• /
• v.7 no.4
• /
• pp.9-16
• /
• 2018

In order to improve the economics and flexibility of cloud computing, tendency to automate the operation and management of cloud resources has become complicated. However, while automation for cloud storage depends on the manufacturer's storage hardware, it cannot flexibly support the storage type in accordance with users' needs. In this paper, we propose an automatic configuration module that supports block/file/object storages suitable for user environment. In order to automatically install ceph, a cloud storage, we propose an automatic installation and configuration module based on the Chef configuration management tool. In addition to that, we also propose an automatic configuration module based on a shell programming in pursuit of enabling users to use ceph storage of block/file/object. The proposed method can automatically set up and manage shared file, block, and object storages in a virtual or physical user environment with no hardware dependencies.