• Title/Summary/Keyword: file recovery


Study on Recovery Techniques for the Deleted or Damaged Event Log(EVTX) Files (삭제되거나 손상된 이벤트 로그(EVTX) 파일 복구 기술에 대한 연구)

  • Shin, Yonghak;Cheon, Junyoung;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.2 / pp.387-396 / 2016
  • As the number of people using digital devices has increased, digital forensics, which aims at finding clues for crimes in digital data, has developed and become more important, especially in court. Together with the development of digital forensics, anti-forensics, which aims at thwarting digital forensics, has also developed. As an example, with anti-forensic technology the criminal would delete digital evidence without which the investigator would find it hard to find any clue for crimes. In such a case, recovery techniques for deleted or damaged information will be very important in the field of digital forensics. Until now, although EVTX (event log)-based recovery techniques for deleted files have been presented, there has been no study to retrieve the event log data itself. In this paper, we propose some recovery algorithms for deleted or damaged event log files and show through experiments that our recovery algorithms have a high success rate.

Design and Implementation of Flash Translation Layer with O(1) Crash Recovery Time (O(1) 크래시 복구 수행시간을 갖는 FTL의 설계와 구현)

  • Park, Joon Young;Park, Hyunchan;Yoo, Chuck
    • KIISE Transactions on Computing Practices / v.21 no.10 / pp.639-644 / 2015
  • The capacity of flash-based storage such as Solid State Drive (SSD) and embedded Multi Media Card (eMMC) is ever-increasing because of end-user needs. However, if a flash-based storage device crashes, such as during a power failure, the flash translation layer (FTL) is responsible for the crash recovery based on the entire flash memory. The recovery time increases as the capacity of the flash-based storage increases. We propose O1FTL with O(1) crash recovery time that is independent of the flash capacity. O1FTL adopts the working area technique suggested for the flash file system and evaluates the design on a real hardware platform. The results show that O1FTL achieves a crash recovery time that is independent of the capacity and the overhead, in terms of I/O performance, and achieves a low P/E cycle.

A recovery method for deleted records in the ESE Database (ESE 데이터베이스 내의 삭제된 레코드 복구 기법)

  • Kim, Jeong-hyeon;Choi, Jong-hyun;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1143-1151 / 2015
  • The Extensible Storage Engine (ESE) database is a database developed by Microsoft. This database is used in web browsers such as Internet Explorer and Spartan, and in Windows systems by Windows Search and System Resource Usage Monitor. Previous ESE database viewers can display incorrect results or fail to read the file, depending on the collection environment and the status of the files. In addition, the deleted record recovery tool is limited to some programs and cannot recover all tables. This paper suggests a universal recovery method for deleted records and presents experimental results obtained through the development of a tool.

A research for partition recovery method in a forensic perspective (포렌식 관점의 파티션 복구 기법에 관한 연구)

  • Namgung, Jaeung;Hong, Ilyoung;Park, Jungheum;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.4 / pp.655-666 / 2013
  • As the capacity of storage devices becomes larger, most users divide them into several logical partitions for convenience of storing and controlling data. Therefore, stably recovering partitions that are artificially hidden or damaged is the most important issue from the perspective of digital forensics. This research suggests a partition recovery algorithm that enables stable and effective analysis using the characteristics of each file system. This algorithm is applicable when a partition is not distinguishable due to concealment of the partition or damage in the partition area.

The Design of Active Storage Virtualization System for Information Protection (정보보호를 위한 능동적 스토리지 가상화 시스템 설계)

  • Cho, Kyoung-Ok;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering / v.14 no.9 / pp.2040-2048 / 2010
  • In contemporary society, though the convenience and efficiency of work using information systems are growing, adverse effects such as malignant code, system hacking, and information leaks by insiders due to the development of the network are arising daily. Because of this, an enormous workforce and expense are needed for the recovery and management of systems. Existing systems can be divided into two aspects: security solutions, which surveil and treat viruses and malignant code, and network management solutions, which observe the computer system and perform maintenance and repair such as management, recovery, and backup. This treatise applied the Active Write Filter mechanism and NFS-based technology, complemented the maintenance problems of user data in the existing system, and designed a system that enables solving problems of intellectual property rights such as information protection and illegal work.

A Checkpoint and Recovery Facility for the Fault-Tolerant Process on Linux Environment (리눅스 환경에서 결함 허용 프로세스를 위한 검사점 및 복구 도구)

  • Rim Seong-Rak;Kim Sin-Ho
    • The KIPS Transactions:PartA / v.11A no.5 / pp.313-318 / 2004
  • In this paper, we suggest a checkpoint and recovery facility for a fault-tolerant process that is expected to be executed for a long time. The basic concept of the suggested facility is to allow the process to continue executing, when the process has been stopped due to a system fault, by storing the execution status of the process periodically and recovering the execution status from before the fault occurred. The suggested facility does not need the source code of the fault-tolerant process to be modified. It was designed so that the user directly specifies the file name and the checkpoint frequency, and two system calls (save, recover) were added. Finally, it was implemented on the Linux environment (kernel 2.4.18) to check its feasibility.

A Stability Verification of Backup System for Disaster Recovery (재해 복구를 위한 백업 시스템의 안정성 검증)

  • Lee, Moon-Goo
    • Journal of the Institute of Electronics and Information Engineers / v.49 no.9 / pp.205-214 / 2012
  • The main thing that IT operation managers consider is protecting corporate assets from system failure and disaster. Therefore, this research proposes a backup system for disaster recovery. In the previous backup method, when a database update occurs, the record is saved in the redo log, and if the size of the record file is larger than expected, the file is saved in the archive log in order. Thus, data loss errors can occur in the process of backing up data that changes in real time while the database changes. The suggested backup system backs the redo log up to the transaction log database in real time, and backs up to the archive log any record that can be omitted by the previous backup method. When recovering data, the redo log can be recovered online in real time, which minimizes data loss. Also, data recovery is performed through multi-thread processing, and the system is designed so that performance is improved. To verify the stability of the backup system, CPN (Coloured Petri Net) is introduced, each step of the backup system is displayed in diagram form, and the stability is verified based on the definition and theorem of CPN.

The Research on the Recovery Techniques of Deleted Files in the XFS Filesystem (XFS 파일 시스템 내의 삭제된 파일 복구 기법 연구)

  • Ahn, Jae-Hyoung;Park, Jung-Heum;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.885-896 / 2014
  • Files in computer storage can be deleted due to unexpected failures or accidents. Some malicious users often delete data themselves for anti-forensics. If deleted files are associated with crimes or important business documents, they should be recovered, and a recovery tool is necessary. Recovery methods and tools for some filesystems such as NTFS, FAT, and EXT have been developed actively. However, there has not been any research on recovering deleted files in the XFS filesystem applied to NAS or CCTV. In addition, since the current related tools are based on traditional signature detection methods, they have low recovery rates. Therefore, this paper suggests recovery methods for deleted files based on metadata and signature detection in the XFS filesystem, and verifies the results by conducting experiments in a real environment.

UN-Substituted Video Steganography

  • Maria, Khulood Abu;Alia, Mohammad A.;Alsarayreh, Maher A.;Maria, Eman Abu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.1 / pp.382-403 / 2020
  • Steganography is the art of concealing the existence of secret data in a non-secret digital carrier called cover media. While image steganography methods are extensively researched, studies on other cover files remain limited. Videos are promising research items for steganography primitives. This study presents an improved approach to video steganography. The improvement is achieved by allowing senders and receivers to exchange secret data without embedding the hidden data in the cover file as in traditional steganography methods. The method is based mainly on searching for exact matches between the secret text and the video frames' RGB channel pixel values. Accordingly, random key-dependent data is generated, and Elliptic Curve Public Key Cryptography is used. The proposed method has an unlimited embedding capacity. The results show that the improved method is secure against traditional steganography attacks since the cover file has no embedded data. Compared to other existing video steganography systems, the proposed system shows that the method proposed is unlimited in its embedding capacity, system invisibility, and robustness. The system achieves high precision for data recovery in the receiver. The performance of the proposed method is found to be acceptable across different sizes of video files.

A Study on Optimal Site Selection for the Artificial Recharge System Installation Using TOPSIS Algorithm

  • Lee, Jae One;Seo, Minho
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.34 no.2 / pp.161-169 / 2016
  • This paper is intended to propose a novel approach to select an optimal site for a small-scale artificial recharge system installation using TOPSIS (Technique for Order Preference by Similarity to Ideal Solution) with geospatial data. TOPSIS is an MCDM (Multi-Criteria Decision Making) method to choose the preferred one of the derived alternatives by calculating the relative closeness to an ideal solution. For applying TOPSIS, first, the topographic shape representing optimal recovery efficiency is defined based on a hydraulic model experiment, and then an appropriate surface slope is determined for the security of a self-purification capability with a DEM (Digital Elevation Model). In the second phase, the candidate areas are extracted from an alluvial map through a morphology operation, because local alluvium with a lengthy and narrow shape could satisfy a primary condition for the optimal site. Thirdly, a shape file over all candidate areas was generated, and criteria and their values were assigned according to hydrogeologic attributes. Finally, the TOPSIS algorithm was applied to the shape file to place the order preference of candidate sites.