Basic paper information
- Document type
- Thesis
- Author information
- Advisor
- 손태식
- Year of publication
- 2016
- Copyright
- Ajou University theses are protected by copyright.
Abstract · Keywords
Digital forensics is defined as a process and method for inquiring into and proving, in a court of law, specific actions and the factual grounds of occurrences through digital devices. The importance of digital forensics is growing as personal and corporate digital devices, such as smartphones and tablet PCs, have become more essential and critical and as our daily usage of these devices has diversified in recent years. Crimes that abuse or target digital devices are increasing, and the acquisition of evidence through digital devices has increased significantly.
Within digital forensics, recovering deleted data plays an important role because it can uncover key evidence stored within digital devices. Moreover, for restored data to be established as evidence, every step must observe due process, and the data acquisition process in particular must be handled carefully. If due process is not observed during data acquisition, even solid evidence acquired in the process may not be admissible as key evidence. Therefore, legal and institutional matters related to this topic have been actively studied, and further research on the technical areas is necessary.
Digital devices rely on a file system structure to store data on storage. Among these file systems, Ext4 is a well-known file system typically used in Linux distributions, and it is used in many types of digital devices, from Android to Raspberry Pi. Therefore, the need for a study on the analysis and restoration of deleted files on the Ext4 file system is becoming more prominent in modern digital society.
In this study, we propose a new digital forensic technique for the Ext4 file system and analyze a few considerations required from the legal and institutional perspective.
Table of contents
- 1. Introduction
- 2. Background and related works
  - A. Ext4 filesystem
  - B. Related works
- 3. The issue of admissibility of digital evidence
  - A. Analysis of laws and precedent
    - 1. Analysis on the relevant law and finding its limitations
    - 2. Analysis of cases related to establishing admissibility
  - B. Acquiring methods for legally admissible digital evidence
- 4. Deleted data recovery for Ext4 based Open Platform Systems
  - A. Acquisition and analysis of digital evidence
    - 1. Acquiring digital evidence using a dd command (imaging)
    - 2. Analyzing acquired data
  - B. Deleted file recovery using journal area
    - 1. Checking unallocated inode number
    - 2. Confirming the deleted inode from unallocated inode
    - 3. Finding deleted inode at journal area
  - C. File name recovery through directory entry
    - 1. Directory entry analysis
    - 2. Identify the directory entry of the deleted file
    - 3. Understand the directory entry creation mechanism
    - 4. The H-tree structure in directory entry
  - D. Design and implementation of recovery tool
- 5. Experiment and result
  - A. Confirming the reliability of the data acquisition methods
  - B. Deleted file recovery
- 6. Conclusion
- 7. References