Citation Export
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Kim, Hyungchan | - |
| dc.contributor.author | Kim, Sungbum | - |
| dc.contributor.author | Shin, Yeonghun | - |
| dc.contributor.author | Jo, Wooyeon | - |
| dc.contributor.author | Lee, Seokjun | - |
| dc.contributor.author | Shon, Taeshik | - |
| dc.date.issued | 2021-09-01 | - |
| dc.identifier.issn | 2079-9292 | - |
| dc.identifier.uri | https://dspace.ajou.ac.kr/dev/handle/2018.oak/32272 | - |
| dc.description.abstract | Recently, the number of Internet of Things (IoT) devices, such as artificial intelligence (AI) speakers and smartwatches, using a Linux-based file system has increased. Moreover, these devices are connected to the Internet and generate vast amounts of data. To efficiently manage these generated data and improve the processing speed, the function is improved by updating the file system version or using new file systems, such as an Extended File System (XFS), B-tree file system (Btrfs), or Flash-Friendly File System (F2FS). However, in the process of updating the existing file system, the metadata structure may be changed or the analysis of the newly released file system may be insufficient, making it impossible for existing commercial tools to extract and restore deleted files. In an actual forensic investigation, when deleted files become unrecoverable, important clues may be missed, making it difficult to identify the culprit. Accordingly, a framework for extracting and recovering files based on The Sleuth Kit (TSK) is proposed by deriving the metadata changed in Ext4 file system journal checksum v3 and XFS file system v5. Thereafter, by comparing the accuracy and recovery rate of the proposed framework with existing commercial tools using the experimental dataset, we conclude that sustained research on file systems should be conducted from the perspective of forensics. | - |
| dc.description.sponsorship | This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2018R1D1A1B07043349) and the Energy Cloud R&D Program through the National Research Foundation of Korea (NRF) grant funded by the Ministry of Science, ICT (2019M3F2A1073385). | - |
| dc.language.iso | eng | - |
| dc.publisher | MDPI | - |
| dc.title | Ext4 and xfs file system forensic framework based on tsk | - |
| dc.type | Article | - |
| dc.citation.title | Electronics (Switzerland) | - |
| dc.citation.volume | 10 | - |
| dc.identifier.bibliographicCitation | Electronics (Switzerland), Vol.10 | - |
| dc.identifier.doi | 10.3390/electronics10182310 | - |
| dc.identifier.scopusid | 2-s2.0-85115194641 | - |
| dc.identifier.url | https://www.mdpi.com/2079-9292/10/18/2310/pdf | - |
| dc.subject.keyword | Digital forensic | - |
| dc.subject.keyword | Digital investigation | - |
| dc.subject.keyword | File recovery | - |
| dc.subject.keyword | File system | - |
| dc.subject.keyword | The sleuth kit | - |
| dc.description.isoa | true | - |
| dc.subject.subarea | Control and Systems Engineering | - |
| dc.subject.subarea | Signal Processing | - |
| dc.subject.subarea | Hardware and Architecture | - |
| dc.subject.subarea | Computer Networks and Communications | - |
| dc.subject.subarea | Electrical and Electronic Engineering | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
