Forensic Analysis and Image Acquisition of File Systems in Flash Memory-Based Devices Geon Yu
- 주제(키워드) Digital Forensic , File System , Internet of Things , Flash Memory , Forensic Tool
- 주제(DDC) 004.6
- 발행기관 아주대학교 일반대학원
- 지도교수 Taeshik Shon
- 발행년도 2025
- 학위수여년월 2025. 2
- 학위명 석사
- 학과 및 전공 일반대학원 AI융합네트워크학과
- 실제URI http://www.dcollection.net/handler/ajou/000000034625
- 본문언어 영어
- 저작권 아주대학교 논문은 저작권에 의해 보호받습니다.
초록/요약
The flash memory file systems in IoT devices play a critical role in data storage and management, serving as a vital source of evidence for digital forensic analysis. However, the structural diversity and manufacturer-specific designs of these file systems present challenges in applying consistent analysis methods. This study aims to address these challenges by systematically analyzing the structural characteristics of major IoT file systems, including JFFS2, UBIFS, Squashfs, and Cramfs. Based on this analysis, a digital forensic tool was designed and developed, integrating specialized functionalities such as metadata extraction, file navigation and recovery, decompression, and hash-based integrity verification. The developed tool is designed to efficiently analyze and recover data across various IoT environments, significantly enhancing the reliability and efficiency of forensic investigations. Experiments and validations using real IoT device data demonstrated the tool’s high accuracy and effectiveness, establishing its practical utility in digital evidence collection. This study lays the foundation for strengthening IoT digital forensic capabilities and is expected to contribute significantly to the development of data analysis and recovery techniques, not only for IoT devices but also for digital environments at large. Keywords : Digital Forensic, Internet of Things, File System, Flash Memory, Forensic Tool
more목차
I. Introduction 1
II. Related works 5
III. Analysis of IoT File System Structures 8
A. JFFS2 File system 8
1. Overview of JFFS2 File system 8
2. Metadata Analysis of the JFFS2 File System 9
B. UBIFS File system 11
1. Overview of UBIFS File system 11
2. Metadata Analysis of the UBIFS File System 12
C. Squashfs File system 18
1. Overview of Squashfs File system 18
2. Metadata Analysis of the Squashfs File System 19
D. Cramfs File system 25
1. Overview of Cramfs File system 25
2. Metadata Analysis of the Cramfs File System 25
IV. Analysis of Physical Devices Based on IoT File System Metadata 28
A. JFFS2 File system 28
B. UBIFS File system 30
C. Squashfs File system 35
V. Digital Forensic Tool for IoT File System Analysis 42
VI. Conclusion 45
References 47
