Forensic signature for tracking storage devices: Analysis of UEFI firmware image, disk signature and windows artifacts
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jeong, Doowon | - |
dc.contributor.author | Lee, Sangjin | - |
dc.date.accessioned | 2021-09-01T14:01:03Z | - |
dc.date.available | 2021-09-01T14:01:03Z | - |
dc.date.created | 2021-06-19 | - |
dc.date.issued | 2019-06 | - |
dc.identifier.issn | 1742-2876 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/64865 | - |
dc.description.abstract | Tracking storage devices is one of the important fields in digital forensics. The existing methods and tools about registry, event log or IconCache analysis help solving cases on confidential leakage, illegal copying, and security incident cases. However, previous approach has drawback in tracking storage devices such as HDD, SSD, and etc since it was based on the good performance of USB device tracking. Another drawback in previous approach is that it is vulnerable to anti-forensics because the artifacts are dependent on the operating system. This paper introduces a new definition of forensic signature for tracking various storage devices and reviews the known artifacts. Furthermore, this study introduces unidentified artifact stored in UEFI firmware image and independent of operating system. Moreover, this paper develops a methodology for tracking storage devices using forensic signature according to the storage type. (C) 2019 Elsevier Ltd. All rights reserved. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | ELSEVIER SCI LTD | - |
dc.title | Forensic signature for tracking storage devices: Analysis of UEFI firmware image, disk signature and windows artifacts | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Sangjin | - |
dc.identifier.doi | 10.1016/j.diin.2019.02.004 | - |
dc.identifier.scopusid | 2-s2.0-85062462970 | - |
dc.identifier.wosid | 000469921600003 | - |
dc.identifier.bibliographicCitation | DIGITAL INVESTIGATION, v.29, pp.21 - 27 | - |
dc.relation.isPartOf | DIGITAL INVESTIGATION | - |
dc.citation.title | DIGITAL INVESTIGATION | - |
dc.citation.volume | 29 | - |
dc.citation.startPage | 21 | - |
dc.citation.endPage | 27 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Interdisciplinary Applications | - |
dc.subject.keywordAuthor | Disk forensics | - |
dc.subject.keywordAuthor | Firmware image analysis | - |
dc.subject.keywordAuthor | UEFI | - |
dc.subject.keywordAuthor | Disk serial number | - |
dc.subject.keywordAuthor | Digital investigation | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.