µ¥ÀÌÅͺ£À̽º ¿¬±¸È¸Áö(SIGDB)
ÇѱÛÁ¦¸ñ(Korean Title) |
Journaling of Journal ±â¹Ý SQLite ÆÄÀÏ º¹±¸ ±â¹ý |
¿µ¹®Á¦¸ñ(English Title) |
SQLite File Recovery based on Journaling of Journal |
ÀúÀÚ(Author) |
¹è½ÂÈÆ
Sunghun Bae
³²±â¿õ
Kiwoong Nam
ÀÌ»óÁØ
Sangjun Lee
±èÂù±Ô
Chankyu Kim
ÀÌ»óÈ£
Sang Ho Lee
¹Úµ¿ÁÖ
Dong-Joo Park
|
¿ø¹®¼ö·Ïó(Citation) |
VOL 35 NO. 03 PP. 0029 ~ 0039 (2019. 12) |
Çѱ۳»¿ë (Korean Abstract) |
µðÁöÅÐ Æ÷·»½Ä¿¡¼ ¾Èµå·ÎÀÌµå ¾îÇø®ÄÉÀ̼ÇÀÇ »ç¿ëÀÚ Á¤º¸´Â Áß¿äÇÑ µðÁöÅÐ Áõ°Å´Ù. ¾Èµå·ÎÀ̵å´Â ¾îÇø®ÄÉÀ̼ÇÀÇ »ç¿ëÀÚ Á¤º¸¸¦ SQLite ÆÄÀÏ·Î ÀúÀåÇÑ´Ù. ¶ÇÇÑ SQLite´Â Áß¿ä µ¥ÀÌÅ͸¦ Àú³Î ÆÄÀÏÀ̶õ º°°³ÀÇ ÆÄÀÏ¿¡ ¹é¾÷ÇÑ´Ù. ±âÁ¸ ±â¹ýÀº ¾Èµå·ÎÀÌµå »ó¿¡¼ SQLite Àú³Î ÆÄÀÏ°ú ÆÄÀÏÀÇ ExT4 ¸ÞŸµ¥ÀÌÅͶó´Â ´Ü¼¸¦ È®º¸ÇÏÁö ¸øÇÏ¿´´Ù. º» ³í¹®Àº SQLite ÆÄÀÏ º¹±¸¸¦ È¿°úÀûÀ¸·Î ¼öÇàÇϱâ À§ÇÑ ´Ü¼¸¦ È®º¸ÇÏ´Â ±â¹ýÀ» Á¦¾ÈÇÑ´Ù. ¾Èµå·ÎÀ̵å ȯ°æ¿¡¼ ¹ß»ýÇÏ´Â Journaling of Journal ÀÌ»óÀº SQLite ÆÄÀÏÀÇ ¸ÞŸµ¥ÀÌÅ͸¦ ¹é¾÷ÇØ ExT4ÀÇ Àú³Î ¿µ¿ª¿¡ ÀúÀåÇÑ´Ù. ÇØ´ç ¸ÞŸµ¥ÀÌÅÍ´Â SQLite ÆÄÀÏ º¹±¸¿¡ ÇÊ¿äÇÑ ´Ü¼¸¦ Á¦°øÇϸç, ÀÌ°ÍÀ» È°¿ëÇؼ ÆÄÀÏ Ä«ºùÀ» ´õ È¿À²ÀûÀ¸·Î ¼öÇàÇÒ ¼ö ÀÖ´Ù.
|
¿µ¹®³»¿ë (English Abstract) |
Android application¡¯s user information is an important digital evidence to digital forensic. Android stores user information in SQLite database file. Also, SQLite backups important data to a separate file different from the journal file. The existing techniques cannot get a clue from SQLite journal file and its ExT4 metadata. In this paper, we propose a new technique to effectively perform SQLite file recovery using journaling of journal. The journaling of journal anomaly, which occurs in Android platform, duplicates SQLite file¡¯s metadata and also store them in the ExT4 journal block. These metadata can be a clue to be able to make SQLite file recovery more efficient.
|
Å°¿öµå(Keyword) |
À¥½Ã½ºÅÛ
°Ô½Ã±ÛºÐ¼®
´º½ºÇǵå
ÇÏÀÌÆÛ¸µÅ©
Web System
Message Analysis
Newsfeed
Hyperlink
µðÁöÅÐ Æ÷·»½Ä
ÆÄÀÏ º¹±¸
Àú³Î¸µ
SQLite
Digital Forensic
File Recovery
Journaling
|
ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|