      KCI-indexed, SCIE, SCOPUS

      Cold Boot Attack on Encrypted Containers for Forensic Investigations


      https://www.riss.kr/link?id=A108295809


      Multilingual Abstract


      Digital forensics is gaining popularity in the adjudication of criminal cases as the use of electronic gadgets in committing crime has risen. The traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM while the computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cool the RAM and transplant it into a host computer provisioned with a tool, developed on the cold boot concept, to acquire the RAM image. Comparing the data obtained from the acquired image with the data loaded into memory shows that the RAM chips exhibit some level of remanence, which allows their content to persist after shutdown, contrary to the accepted knowledge that RAM loses its content as soon as power is cut. Results from experimental setups conducted with three different RAM chips, labeled System A, B and C, showed that at a reduced temperature of -25°C the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively, whereas at an operating temperature of 25°C there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature, while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.
