Ext4 and XFS File System Forensic Framework Based on TSK

Shin

et al. 2022

Sensors

Self Cite

The Android platform accounts for 85% of the global smartphone operating-system market share, and recently, it has also been installed on Internet-of-Things (IoT) devices such as wearable devices and vehicles. These Android-based devices store various personal information such as user IDs, addresses, and payment information and device usage data when providing convenient functions to users. Insufficient security for the management and deletion of data stored in the device can lead to various cyber security threats such as personal information leakage and identity theft. Therefore, research on the protection of personal information stored in the device is very important. However, there is a limitation that the current research for protection of personal information on the existing Android platform was only conducted on Android platform 6 or lower. In this paper, we analyze the deleted data remaining on the device and the possibility of recovery to improve user privacy for smartphones using Android platforms 9 and 10. The deleted data analysis is performed based on three data deletion scenarios: data deletion using the app’s own function, data deletion using the system app’s data and cache deletion function, and uninstallation of installed apps. It demonstrates the potential user privacy problems that can occur when using Android platforms 9 and 10 due to the leakage of recovered data. It also highlights the need for improving the security of personal user information by erasing the traces of deleted data that remain in the journal area and directory entry area of the filesystem used in Android platforms 9 and 10.

Section: Related Studiesmentioning

confidence: 99%

Digital Forensic Analysis to Improve User Privacy on Android

Shin

et al. 2022

Sensors

Self Cite

International Journal of Digital Crime and Forensics

“…The authors compared their work with existing work in Table 1. In Table 1, Jo et al's (2018), Kim et al's (2021), Lee et al's (2020), Lee and Shon's (2014), and the authors' work are pure MFR approaches; Garfinkel's (2007), Garfinkel and McCarrin's (2015), Gladyshev and James's (2017), Golden and Vassil's (2005)…”

Section: Comparisons With Existing Workmentioning

confidence: 99%

“…Depending on whether utilizing the file system metadata, existing file recovery approaches can be divided into two categories: Metadata-based file recovery (MFR) (Dewald & Seufert, 2017;Fairbanks, 2012;Jo et al, 2018;Kim et al, 2021;Lee et al, 2020;Lee & Shon, 2014) and carving-based file recovery (CFR) (Garfinkel, 2007;Garfinkel & McCarrin, 2015;Gladyshev & James, 2017;Golden & Vassil, 2005;Hand et al, 2012;Pal et al, 2003;Pal et al, 2008;Tang et al, 2016). MFR is fast and accurate because it can leverage file system metadata to interpret user data.…”

Section: Introductionmentioning

confidence: 99%

“…Although researchers have conducted in-depth and extensive research, there are still issues to be addressed for MFR and CFR. A critical issue is that most existing approaches rely heavily on services from an operating system (OS) (Fairbanks, 2012;Garfinkel, 2007;Garfinkel & McCarrin, 2015;Golden & Vassil, 2005;Hand et al, 2012;Jo et al, 2018;Kim et al, 2021;Lee et al, 2020;Lee & Shon, 2014;Pal et al, 2003;Pal et al, 2008;Tang et al, 2016). However, in many cases an OS is not available.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Golden Eye

Zhang

Chen

Zhu

2022

File systems are important sources of intelligence information and digital evidence. They have long attracted the interest of researchers in recovering files that are deleted from a hard disk. Existing file recovery studies rely heavily on an operating system (OS). However, it is often encountered that OS services are not available, making existing file recovery approaches unusable. To address this issue, the authors design and implement an OS-independent file recovery algorithm named Golden Eye (GE) by targeting the EXT4 file system. Fed the raw image obtained from a (sanitized) hard disk, GE can automatically recover any designated file or even the whole EXT4 file system. GE is based on the understanding of the file disk layout of EXT4 and does not need any support from additional hardware or software. Experimental results prove the feasibility and correctness of GE. This work not only solves the OS dependency problem that most existing file recovery work suffers from but also reveals the fact that even sanitized hard disks are still at risk of leaking sensitive data.

“…As an example, there is information on deleted data from the stored data, which cannot be generally confirmed. To confirm this, metadata can be obtained through file system analysis, and various data can be accessed through the obtained information [20][21][22].…”

Section: Related Workmentioning

confidence: 99%

Forensic Analysis of IoT File Systems for Linux-Compatible Platforms

Lee

Shon

2022

Electronics

Self Cite

Due to recent developments in IT technology, various IoT devices have been developed for use in various environments, such as card smart TVs, and smartphones Communication between IoT devices has become possible. Various IoT devices are found in homes and in daily life, and IoT technologies are being combined with vehicles, power, and wearables, amongst others. Although the usage of IoT devices has increased, the level of security technology applied to IoT devices is still insufficient. There is sensitive information stored inside IoT devices, such as personal information and usage history, so if security accidents happen, such as data leakage, it can be very damaging for users. Since research on data storage and acquisition in IoT devices is very important, in this paper we conducted a security analysis, from a forensic perspective, on IoT platform file systems used in various environments. The analysis was conducted on two mechanical platforms: Tizen (VDFS) and Linux (JFFS2 and UBIFS). Through file system metadata analysis, file system type, size, list of files and folders, deleted file information were obtained so that we could analyze file system structure with the obtained information. We also used the obtained information to check the recoverability of deleted data to investigate the recovery plan. In this study, we explain the characteristics of platforms used in various environments, and the characteristics of data stored in each platform. By analyzing the security issues of data stored during platform communications, we aimed to help in solving the problems affecting devices. In addition, we explain the analysis method for file system forensics so that it can be referred to in other platform forensics.