• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.167-186
• /
• 2002

The encryption of a file on a PC before saving can maintain security of the file. However, if the key for the encrypted file is lost or damaged, the encrypted file can not be decrypted, resulting in serious economical loss to the user or the user group. In order to minimize the economical loss a secure and reliable key recovery technology is required. Presented in this paper is the development and evaluation of PKRS (PC based Key Recovery System) which supports encryption and decryption of file and recovery of the encrypted file in emergency. The encapsulating method, which attaches key recovery information to encrypted file, is applied to the PKRS. In addition, the PKRS is developed and evaluated according to the requirements of Requirements for Key Recovery Products proposed by NIST and requirements of Common Criteria 2.0 to prove the safety and reliability of the information security system. This system is applicable to a PC and can be further extended to internet or intranet environment information system where in encryption and recovery of file is possible.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.118-123
• /
• 2021

Recently, digital crime is becoming more intelligent, and efficient digital forensic techniques are required to collect evidence for this. In the case of important files related to crime, a specific person may intentionally delete the file. In such a situation, data recovery is a very important procedure that can prove criminal charges. Although there are various methods to recover deleted files, we focuses on the recovery technique using HxD editor. When recovering a deleted file using the HxD editor, check the file structure and access the file data area through calculation. However, there is a possibility that errors such as arithmetic errors may occur when a file approach through calculation is used. Therefore, in this paper, we propose an algorithm that automatically calculates the header and footer of a file after checking the file signature in the root directory for efficient file recovery. If the algorithm proposed in this paper is used, it is expected that the error rate of arithmetic errors in the file recovery process can be reduced.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.25-30
• /
• 2017

The influence of the data deletion method which is one of anti-forensic techniques is substantial in terms of forensic analysis compared to its simplicity of the act. In academic world, recovery techniques on deleted files have been continuously studied in response to the data deletion method and representatively, the file system-based file recovery technique and file format based recovery technique exist. If there's metadata of deleted file in file system, the file can be easily recovered by using it, but if there's no metadata, the file is recovered by using the signature-based carving technique or the file format based recovery technique has to be applied. At this time, in the file format based recovery technique, the file structure analysis and possible recovery technique should be provided. This paper proposes the page recovery technique on deleted PDF file based on the structural characteristics of PDF file. This technique uses the tag value of page object which constitutes one page of PDF file. Object is extracted by utilizing each tag value as a kind of signature and by analyzing extracted object, the metadata of PDF file is recombined and then it's reconfigured page by page. Recovering by page means that even if deleted PDF file is damaged, even some pages consisting of PDF file can be recovered. Generally, if the file system based file is not recoverable, deleted file is recovered by applying the signature based carving technique. The technique which we proposed in this paper can recover PDF files that are damaged. In the digital forensic perspective, it can be utilized to recover more data than previously.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.359-366
• /
• 2001

This paper overviews the design of SANique$^{TM}$ -a shred file system for Linux cluster based on SAN environment. SANique$^{TM}$ has the capability of transferring user data from network-attached SAN disks to client applcations directly without the control of centralized file server system. The paper also presents the characteristics of each SANique$^{TM}$ subsystem: CFM(Cluster File Manager), CVM(Cluster Volume Manager), CLM(Cluster Lock Manager), CBM(Cluster Buffer Manager) and CRM(Cluster Recovery Manager). Under the SANique$^{TM}$ design layout, then, the syndrome of '||'&'||'quot;split-brain'||'&'||'quot; in shared file system environments is described and defined. The work first generalizes and illustrates possible situations in each of which a shared file system environment may split into two or more pieces of separate brain. Finally, the work describes the SANique$^{TM}$ approach to the given "split-brain"problem using SAN disk named "split-brain" and develops the overall recovery procedure of shared file systems.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.13 no.5
• /
• pp.235-243
• /
• 2018

NAND flash memory has been widely used for embedded systems as storage device and the flash memory file systems such as JFFS2, YAFFS/YAFFS2 have been adopted by these embedded systems. The flash memory file systems provide the high performance and overcome the limitations of flash memory. However, these file systems don't solve the slow mount time problem when a sudden power failure happens. In this paper, we proposed a flash memory management method for enhancing the recovery performance. The proposed method manages the flash memory block type and stores the block type information at recovery image block. When file operations are occurred, our method stores the file information at the metadata block before and after the file operation. When mounting the flash memory, our method only scans the recovery image blocks and metadata blocks. The proposed method reduces the mount time by seeking the metadata block locations fast by using the recovery image blocks. We implemented the proposed method and evaluation results show that our method reduces the mount time 13 ~ 46 % compared with YAFFS2.

• International Journal of Internet, Broadcasting and Communication
• /
• v.11 no.3
• /
• pp.64-70
• /
• 2019

Video files of video devices such as black box and CCTV may be damaged due to repetitive file read / write and physical environment factors. Even though there are available parts of video information, it may happen that playback can't be performed due to damage of some information. To playback the remaining video information normally, it is necessary to recover damaged areas of the files. For this, it is necessary to accurately check the damage range of the files. In this paper, we propose the design and implementation of a tool which detects damaged areas of a video file and recovers the usable area of the file to playback. The proposed tool can analyze and recover without additional information by analyzing common information of video container format and can check detailed damaged ranges with chunks. It is possible to perform recovery just only with the target file and reference file without any other information such as codec specification.

• Journal of KIISE:Databases
• /
• v.37 no.6
• /
• pp.292-299
• /
• 2010

Recently, as flash memory is used as digital storage devices, necessity for digital forensics is growing in a flash memory area for digital evidence analysis. For this purpose, it is important to recover crashed files stored on flash memory efficiently. However, it is inefficient to apply the hard disk based file recovery techniques to flash memory, since hard disk and flash memory have different characteristics, especially flash memory being unable to in-place update. In this paper, we propose a flash-aware file recovery technique for digital forensics. First, we propose an efficient search technique to find all crashed files. This uses meta-data maintained by FTL(Flash Translation Layer) which is responsible for write operation in flash memory. Second, we advise an efficient recovery technique to recover a crashed file which uses data location information of the mapping table in FTL. Through diverse experiments, we show that our file recovery technique outperforms the hard disk based technique.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.6
• /
• pp.279-287
• /
• 2005

File integrity checking is the most reliable method to examine integrity and stability of system resources. It is required to examine the whole data whenever auditing system's integrity, and its process and result depends on administrator's experience and ability. Therefore the existing method is not appropriate to intrusion response and recovery systems, which require a fast response time. Moreover file integrity checking is able to collect information about the damaged resources, without information about the person who generated the action, which would be very useful for intrusion isolation. In this paper, we propose rtIntegrit, which combines system call auditing functions, it is called Syswatcher, with file integrity checking. The rtlntegrit can detect many activities on files or file system in real-time by combining with Syswatcher. The Syswatcher audit file I/O relative system call that is specified on configuration. And it can be easily cooperated with intrusion response and recovery systems since it generates assessment data in the standard IDMEF format.

• Journal of Korea Multimedia Society
• /
• v.7 no.4
• /
• pp.505-517
• /
• 2004

This paper overviews the design details of the cluster file system $\textrm{SANique}^{TM}$ on the SAN environment. $\textrm{SANique}^{TM}$ has the capability of transferring user data from shared SAN disk to client application without control of centralized file server. We, especially, focus on the characteristics and functions of recovery manager CRM of $\textrm{SANique}^{TM}$. The process component for failure detection and its overall procedure are described. We define the split-brain problem that cannot be easily detected in cluster file systems and also propose the recovery management method based on SAN disk in order to detect and solve the split-brain situation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.12
• /
• pp.2609-2617
• /
• 2009

This paper describes the design overview of shared file system $SANique^{TM}$ and proposes the method for detection of failure node and recovery management algorithm. We also illustrate the characteristics and system architecture of shared file system based on SAN. In order to provide uninterrupted service, the detection and recovery methods are proposed under the all possible system failures and natural disasters. The various kinds of system failures and disasters are characterized and then the detection and recovery method are proposed in each disconnected computing node group.