Digital Forensics based Privacy Data Protection
디지털포렌식 기반 개인정보 영구 삭제 방안
- 주제(키워드) Digital Forensic , Android Forensic , filesystem Forensic , Ext4 Forensic , Permanent Deletion
- 발행기관 아주대학교
- 지도교수 손태식
- 발행년도 2021
- 학위수여년월 2021. 2
- 학위명 석사
- 학과 및 전공 일반대학원 AI융합네트워크학과
- 실제URI http://www.dcollection.net/handler/ajou/000000030519
- 본문언어 영어
- 저작권 아주대학교 논문은 저작권에 의해 보호받습니다.
초록/요약
Recently, the use of Android OS-based smartphones, wearable devices and IoT(Internet of Things) devices are rapidly increasing. The IoT devices generate various data in the process of providing convenience to users and store them in the cloud and devices. Since the stored data includes user personal information, it is exposed to threats such as information leakage, and there are cases in which personal information was leaked by recovering data deleted from an actual used Android smartphone. However, previous studies focus on data extraction, and studies from the perspective of personal information protection such as data management and permanent deletion are insufficient. Therefore, this paper analyzes the change in filesystem metadata before and after file deletion for permanent deletion on the Android Platform, and derive the recoverability through traces remaining after file deletion. This shows the possibility of personal information leakage if files are not permanently deleted from smartphone using the Android Platform. After, we proposed a method of deleting the Journal Area of the filesystem for permanent deletion of user personal information, and a method of deleting both the unallocated Area and the Journal Area of the filesystem. The proposed method was verified on Samsung Galaxy S9 + (Android 9, 64GB) and PC Ubuntu 16.04 LTS environment.
more목차
Chapter 1 Introduction 1
Chapter 2 Related Work 3
Section 1 Android Platform Forensic 3
Section 2 Filesystem Forensic 4
Chapter 3 Filesystem metadata structure for data recovery on the Android Platform 6
Section 1 Superblock 6
Section 2 Group Descriptor 7
Section 3 Inode 8
Section 4 Journal Superblock 9
Section 5 Journal Descriptor Block 9
Chapter 4 Metadata change and recoverability before and after data deletion on Android Platform 10
Section 1 Data deletion scenario of smartphone using Android Platform 10
Section 2 Analysis of metadata change and recoverability after data deletion using Android smartphone app's own function 11
1. Analysis of metadata change and recoverability after data deletion stored in database file 11
2. Analysis of metadata change and recoverability after data deletion stored in regular file 12
Section 3 Analysis of metadata change and recoverability after deletion app data/cache using Android smartphone setting app 14
1. Analysis of metadata change and recoverability after deletion app data/cache from system default app 14
2. Analysis of metadata change and recoverability after deletion app data/cache from user installed app 15
Section 4 Analysis of metadata change and recoverability after uninstalling an app 17
1. Analysis of metadata change and recoverability after uninstalling user installed app 17
Chapter 5 Method of permanently deleting data on the Android Platform 19
Section 1 Method of permanently deleting data through deleting data in Journal Area 19
1. Metadata Analysis 20
2. Journal Inode Analysis 21
3. Journal Area TRIM 21
Section 2 Method of permanently deleting data through deleting data in Journal Area and Unallocated Area 22
1. Inode Analysis 22
2. Unallocated Area Analysis 24
3. Directory Entry TRIM 25
Chapter 6 Verification of permanent data deletion method on Android Platform 26
Section 1 Verification of permanent data deletion method through deleting data in Journal Area 26
Section 2 Verification of permanent data deletion method through deleting data in Journal Area and Unallocated Area 28
Chapter 7 Conclusion 32
