KIPS Transactions on Computer and Communication Systems
Current Result Document :
ÇѱÛÁ¦¸ñ(Korean Title) |
µðÁöÅÐ Æ÷·»½Ä °üÁ¡¿¡¼ BIOS Æß¿þ¾î À̹ÌÁö ÆÄÀÏ ¼öÁý ¹× ºÐ¼®¿¡ °üÇÑ ¿¬±¸ |
¿µ¹®Á¦¸ñ(English Title) |
A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics |
Author |
정승훈
이윤호
이상진
Seung Hoon Jeong
Yun Ho Lee
Sang Jin Lee
|
Citation |
VOL 05 NO. 12 PP. 0491 ~ 0498 (2016. 12) |
Çѱ۳»¿ë (Korean Abstract) |
ÃÖ±Ù Windows PE¿Í °°Àº Æ÷Åͺí OS¸¦ USB, CD/DVD µîÀÇ À̵¿½Ä ÀúÀå¸Åü¿¡ ÀúÀåÇÏ¿© ºÎÆÃÇÏ´Â ±â¹ýÀ¸·Î ±â¹ÐÀÚ·á ¹× ³»ºÎÁ¤º¸°¡ À¯ÃâµÇ´Â »ç·Ê°¡ Áõ°¡ÇÏ°í ÀÖ´Ù. À̵¿½Ä ÀúÀå¸Åü¸¦ ÀÌ¿ëÇÑ ÀÌ ºÎÆà ±â¹ýÀº Ÿ±ê PC¿¡ ¼³Ä¡µÈ USB º¸¾È, ¸ÅüÁ¦¾î¼Ö·ç¼Ç µîÀÇ º¸¾È ¼ÒÇÁÆ®¿þ¾îÀÇ ¿ìȸ°¡ °¡´ÉÇÏ°í, ºÎÆà ÈÄ PCÀÇ ÀúÀå¸Åü¸¦ ¸¶¿îÆ®ÇÏ¿© Á¤º¸ ÃßÃâ ¹× ¾Ç¼ºÄÚµå »ðÀÔ µîÀÇ ÇàÀ§°¡ °¡´ÉÇϸç, À̵¿½Ä ÀúÀå¸ÅüÀÇ »ç¿ëÈçÀû°ú °°Àº ·Î±×±â·ÏÀÌ ³²Áö ¾Ê´Â Ư¡ÀÌ ÀÖ¾î ÀÚ·áÀ¯Ãâ¿©ºÎ È®Àΰú ¿ªÃßÀûÀÌ ¾î·Æ´Ù. ÀÌ¿¡ º» ³í¹®¿¡¼´Â Ç÷¡½Ã ¸Þ¸ð¸®¿¡¼ BIOS¼³Á¤°ú °ü·ÃµÈ µ¥ÀÌÅÍ°¡ ±â·ÏµÇ´Â BIOS Æß¿þ¾î À̹ÌÁö¸¦ ¼öÁý ¹× ºÐ¼®ÇÏ¿© ÀÌ»óÇàÀ§·Î ÃßÁ¤ÇÒ ¼ö ÀÖ´Â À̵¿½Ä ÀúÀå¸Åü¸¦ ÀÌ¿ëÇÑ ºÎÆà ÈçÀûÀ» ã¾Æ ±â¾÷ÀÇ °¨»ç ¶Ç´Â µðÁöÅÐ Æ÷·»½Ä ¼ö»ç¸¦ ¼öÇàÇϴµ¥ µµ¿òÀÌ µÉ ¼ö ÀÖ´Â ¹æ¾ÈÀ» Á¦½ÃÇÑ´Ù.
|
English Abstract |
Recently, leakages of confidential information and internal data have been steadily increasing through the technique of booting a portable OS, such as Windows PE, stored on portable storage devices (USB, CD/DVD, etc.). This method makes it possible to bypass security software installed on the target PC, such as USB security or media control solutions, and to extract data or insert malicious code by mounting the PC's storage devices after booting the portable OS. This booting method also does not record logs such as traces of removable storage devices, so it is difficult to identify whether data were leaked and to apply trace-back techniques. This paper proposes a method to help facilitate digital forensic investigations or company audits by collecting and analyzing BIOS firmware images, which record data relating to BIOS settings in flash memory, and finding traces of portable storage devices that can be regarded as abnormal events.
|
Keyword |
Digital Forensics
BIOS Firmware Image
NVRAM Variable Area
BIOS Boot Sequence
Digital Forensic
BIOS Firmware Image
NVRAM Variable Area
BIOS Boot Sequence
|