Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ¼ÒÇÁÆ®¿þ¾î ¹× µ¥ÀÌÅÍ °øÇÐ
Current Result Document : 3 / 4
| ÇѱÛÁ¦¸ñ(Korean Title) |
µðÁöÅÐ Æ÷·»½ÄÀ» À§ÇÑ µ¥ÀÌÅͺ£À̽º ºí·Ï Å©±âÀÇ Å½Áö ±â¹ý |
| ¿µ¹®Á¦¸ñ(English Title) |
Detecting Methods of the Database Block Size for Digital Forensics |
| ÀúÀÚ(Author) |
±è¼±°æ
¹ÚÁö¼ö
¼ÕÁø°ï
Sunkyung Kim
Ji Su Park
Jin Gon Shon
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 09 NO. 04 PP. 0123 ~ 0128 (2020. 04) |
Çѱ۳»¿ë
(Korean Abstract) |
µðÁöÅÐ ±â±â »ç¿ëÀÌ ÀϹÝÈµÇ¸é¼ ¼ö»ç °úÁ¤¿¡¼ ¹°Àû Áõ°Å ¼öÁýÀ» À§ÇØ µðÁöÅÐ Æ÷·»½Ä ±â¹ýÀ» »ç¿ëÇÑ´Ù. ÀÌ Áß ÆÄÀÏ Æ÷·»½Ä ±â¹ýÀº »èÁ¦µÈ ÆÄÀÏÀ» º¹±¸ÇÏ´Â °ÍÀ¸·Î, ¿©·¯ °³ÀÇ ÆÄÀÏ·Î ±¸¼ºµÈ µ¥ÀÌÅͺ£À̽º°¡ »èÁ¦µÇ¾îµµ º¹±¸ÇÒ ¼ö ÀÖ´Ù. ±×·¯³ª µ¥ÀÌÅͺ£À̽º¿¡¼ ·¹Äڵ尡 »èÁ¦µÈ °æ¿ì´Â ÆÄÀÏ º¹±¸¸¦ ÇÏ¿©µµ ¼öÁ¤µÈ ·¹ÄÚµå ³»¿ëÀÌ º¹¿øµÇÁö ¾Ê´Â´Ù. ÀÌ¿¡ »èÁ¦µÈ ·¹Äڵ带 º¹±¸ÇÏ´Â ±â¹ýÀÎ µ¥ÀÌÅͺ£À̽º Æ÷·»½ÄÀÌ ÇÊ¿äÇÏ´Ù. µ¥ÀÌÅͺ£À̽º Æ÷·»½ÄÀº µ¥ÀÌÅͺ£À̽º ¼³Á¤ ÆÄÀϷκÎÅÍ ¸ÞŸµ¥ÀÌÅ͸¦ ȹµæÇÏ°í, µ¥ÀÌÅÍ ÆÄÀÏ¿¡¼ »èÁ¦µÈ ·¹Äڵ带 º¹±¸ÇÑ´Ù. ±×·¯³ª µ¥ÀÌÅͺ£À̽º¿¡¼ ºí·Ï Å©±â¿Í °°Àº µ¥ÀÌÅͺ£À̽º ¸ÞŸµ¥ÀÌÅ͸¦ ȹµæÇÏÁö ¸øÇÏ¸é ·¹ÄÚµå º¹±¸°¡ ¾î·Æ´Ù. º» ³í¹®¿¡¼´Â µ¥ÀÌÅͺ£À̽º ¸ÞŸµ¥ÀÌÅÍÀÎ ºí·Ï Å©±â¸¦ ŽÁöÇϱâ À§ÇÑ ¼¼ °¡Áö ¹æ¹ýÀ» Á¦¾ÈÇÑ´Ù. ù ¹ø° ±â¹ýÀº ºí·Ï¿¡ Á¸ÀçÇÏ´Â ºó°ø°£ÀÇ ÃÖ´ë Å©±â¸¦ ÀÌ¿ëÇϸç, µÎ ¹ø° ±â¹ýÀº ºí·ÏÀÌ ³ªÅ¸³ª´Â À§Ä¡¸¦ ÀÌ¿ëÇÑ´Ù. ¼¼ ¹ø° ±â¹ýÀº µÎ ¹ø° ±â¹ýº¸´Ù ´õ ºü¸£°Ô ºí·Ï Å©±â¸¦ ãÀ» ¼ö ÀÖµµ·Ï °³¼±ÇÑ´Ù. ½ÇÇè °á°ú´Â ¼¼ °¡Áö ŽÁö ±â¹ý ¸ðµÎ ¼¼ Á¾·ùÀÇ DBMSÀÇ ºí·Ï Å©±â¸¦ Á¤È®ÇÏ°Ô Ã£À» ¼ö ÀÖÀ½À» º¸ÀδÙ.
|
¿µ¹®³»¿ë
(English Abstract) |
As the use of digital devices is becoming more commonplace, digital forensics techniques recover data to collect physical evidence during the investigation. Among them, the file forensics technique recovers deleted files, therefore, it can recover the database by recovering all files which compose the database itself. However, if the record is deleted from the database, the modified record contents will not be restored even if the file is recovered. For this reason, the database forensics technique is required to recover deleted records. Database forensics obtains metadata from database configuration files and recovers deleted records from data files. However, record recovery is difficult if database metadata such as block size cannot be obtained from the database. In this paper, we propose three methods for obtaining block size, which is database metadata. The first method uses the maximum size of free space in the block, and the second method uses the location where the block appears. The third method improves the second method to find the block size faster. The experimental results show that three methods can correctly find the block size of three DBMSes.
|
| Å°¿öµå(Keyword) |
Digital Forensics
Database Forensics
Metadata
Block Size
µðÁöÅÐ Æ÷·»½Ä
µ¥ÀÌÅͺ£À̽º Æ÷·»½Ä
¸ÞŸµ¥ÀÌÅÍ
ºí·Ï Å©±â
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
