Digital forensic investigation methodology for Storage Space: Based on the NIST digital forensic process
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Junho | - |
dc.contributor.author | Lee, Sangjin | - |
dc.contributor.author | Jeong, Doowon | - |
dc.date.accessioned | 2022-06-23T00:41:25Z | - |
dc.date.available | 2022-06-23T00:41:25Z | - |
dc.date.created | 2022-06-22 | - |
dc.date.issued | 2022-05 | - |
dc.identifier.issn | 0022-1198 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/142322 | - |
dc.description.abstract | For forensic examiners, investigating the RAID systems of servers has been challenging, as the examiners must reconstruct multiple high-capacity disks to identify digital evidence. Software-based RAID systems' use has been released for personal use, so examiners should consider RAID systems even when they investigate personal computers. Although there is a high probability that the software-based RAID will become a target of crime, there has been little research into digital forensic methodology for software-based RAID, as exemplified by Storage Space. In this paper, we introduce details about the structure of Storage Space found through reverse engineering. Storage Space was analyzed by applying the digital forensic process of NIST. We explain how to reconstruct a virtual disk configured using Storage Space and develop an automated tool to do so. To evaluate our study and the tool developed, we created an experimental scenario and describe in detail the forensic procedure and technical methods for the analysis of Storage Space. Our research can be used as the basis of forensic investigations for Storage Space. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | WILEY | - |
dc.subject | DATA TRACES | - |
dc.subject | DEVICE | - |
dc.subject | SYSTEM | - |
dc.title | Digital forensic investigation methodology for Storage Space: Based on the NIST digital forensic process | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Sangjin | - |
dc.identifier.doi | 10.1111/1556-4029.14992 | - |
dc.identifier.scopusid | 2-s2.0-85123898031 | - |
dc.identifier.wosid | 000748149200001 | - |
dc.identifier.bibliographicCitation | JOURNAL OF FORENSIC SCIENCES, v.67, no.3, pp.989 - 1001 | - |
dc.relation.isPartOf | JOURNAL OF FORENSIC SCIENCES | - |
dc.citation.title | JOURNAL OF FORENSIC SCIENCES | - |
dc.citation.volume | 67 | - |
dc.citation.number | 3 | - |
dc.citation.startPage | 989 | - |
dc.citation.endPage | 1001 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Legal Medicine | - |
dc.relation.journalWebOfScienceCategory | Medicine, Legal | - |
dc.subject.keywordPlus | DATA TRACES | - |
dc.subject.keywordPlus | DEVICE | - |
dc.subject.keywordPlus | SYSTEM | - |
dc.subject.keywordAuthor | digital forensics | - |
dc.subject.keywordAuthor | RAID forensics | - |
dc.subject.keywordAuthor | RAID reconstruction | - |
dc.subject.keywordAuthor | software-based RAID | - |
dc.subject.keywordAuthor | Storage Space | - |
dc.subject.keywordAuthor | windows forensics | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.