• Title/Summary/Keyword: USB Media Forensic

Search Result 6, Processing Time 0.021 seconds

A Study of Checking the Job History of External USB Media (외장형 USB 매체의 작업이력 점검 방법에 관한 연구)

  • Lee, Seongjae;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.753-761
    • /
    • 2017
  • Recently, malicious code infiltration and leakage of confidential documents using external USB medium are frequently occurring in each field. We investigate the media to investigate incidents using external USB media, but there are many difficulties in that they can be lost or damaged. Ultimately, in order to investigate cases of external USB media, it is necessary to conduct a direct analysis of the external USB media as well as the system to which the media is connected. This paper describes an analysis of the artifacts of Windows systems to which external USB media is connected, and how to check the job history on the media. Therefore, it is expected that the system can be used to analyze the job history of the USB medium even if the external USB medium is not secured.

A Study on Analysis of Hidden Areas of Removable Storage Device from a Digital Forensics Point of View (디지털 포렌식 관점에서 이동식 저장매체의 은닉영역 분석 연구)

  • Hong, Pyo-gil;Lee, Dae-sung;Kim, Dohyun
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.05a
    • /
    • pp.111-113
    • /
    • 2021
  • USB storage devices, which are represented by removable storage media, are widely used even nowadays when cloud services are common. However, since they are cases where hidden areas are created and exploited in USB storage devices. This research is needed to detect and analyze them from an Anti-forensic point of view. In this paper, we analyze a program that can be exploited as Anti-forensic because it can create a hidden partition and store files there, and the file system created by it from a digital forensic point of view.

  • PDF

Vulnerability Analysis Method of Software-based Secure USB (소프트웨어 기반 보안 USB에 대한 취약성 분석 방법론)

  • Kim, Minho;Hwang, Hyunuk;Kim, Kibom;Chang, Taejoo;Kim, Minsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1345-1354
    • /
    • 2012
  • The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics (디지털 포렌식 관점에서 BIOS 펌웨어 이미지 파일 수집 및 분석에 관한 연구)

  • Jeong, Seung Hoon;Lee, Yun Ho;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.5 no.12
    • /
    • pp.491-498
    • /
    • 2016
  • Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

A Stable Evidence Collection Procedure of a Volatile Data in Research (휘발성 증거자료의 무결한 증거확보 절차에 관한 연구)

  • Kim, Yong-Ho;Lee, Dong-Hwi;J. Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.13-19
    • /
    • 2006
  • I would like to explain a method how to get important data from a volatile data securely, when we are not available to use network in computer system by incident. The main idea is that the first investigator who collects a volatile data by applying scripts built in USB media should be in crime scene at the time. In according to volatile data, he generates hash value, and gets witness signature. After that, he analyses the volatile data with authentication in forensics system.

  • PDF

Methods for Investigating of Edit History about MS PowerPoint Files That Using the OOXML Formats (OOXML형식을 사용하는 MS 파워포인트 파일에 대한 편집 이력 조사 방법)

  • Youn, Ji-Hye;Park, Jung-Heum;Lee, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.19C no.4
    • /
    • pp.215-224
    • /
    • 2012
  • Today, individuals and businesses are a lot of paperwork through a computer. So many documents files are creating to digital type. And the digital type files are copied, moved by various media such as USB, E-mail and so on. A careful analysis of these digital materials can be tracked that occurred during the document editing work history. About these research are on the compound document file format, but has not been studied about the new OOXML format that how to analyze linkages between different document files, tracking an internal order, finding unsaved file for identify the process of creating the file. Future, the use of OOXML format digital documents will further increase, these document work history traceability in digital forensic investigation would be a big help. Therefore, this paper on the new OOXML format(has a forensic viewpoint) will show you how to track the internal order and analyze linkages between the files.