公开(公告)号：US20230024682A1

公开(公告)日：2023-01-26

申请号：US17868930

申请日：2022-07-20

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyun-Uk HWANG ,  Seung-Yong LEE ,  Joong-Soo HAN ,  Jung-Hoon OH ,  Jun-Su KIM ,  Ki-Bom KIM ,  Won-Ho KIM

IPC: G06F16/14 ,  G06F16/54

Abstract: Disclosed herein are a logical imaging apparatus and method for digital forensic triage. The logical imaging method for digital forensic triage includes receiving files selected as a digital evidence target, creating a logical imaging file, inside of which is formatted in a predetermined file system structure, recording the selected files in accordance with the file system structure of the created logical imaging file, and storing selected file list information about a list of the recorded selected files, and creating a separate selected list information file and a separate logical imaging summary file outside the logical imaging file.

公开(公告)号：US20140059313A1

公开(公告)日：2014-02-27

申请号：US13958541

申请日：2013-08-03

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyun-Uk HWANG ,  Ki-Bom KIM ,  Seung-Yong LEE ,  Young-Chan SHIN ,  Tae-Joo CHANG

IPC: G06F11/14

CPC classification number: G06F11/1435 ,  G06F11/1417 ,  G06F17/30117

Abstract: In a method for recovering a partition using backup boot record information, an unallocated area is separated from a disk or an evidence image. The unallocated area is searched for a location of a backup boot record. Whether is backup boot record of a file system to be detected is present in found sectors is analyzed. If the backup boot record is found to be the backup boot record of the file system desired to be detected as a result of the analysis, it is verified whether the backup boot record is a boot record of a valid partition. If it is verified that the backup boot record is the boot record of the valid partition, a file system of a deleted partition is parsed using the backup boot record and a deleted directory or file is recovered.

Abstract translation: 在使用备份引导记录信息恢复分区的方法中，将未分配区域与磁盘或证据图像分离。 搜索未分配区域的备份启动记录的位置。 分析是否存在待检测文件系统的备份启动记录。 如果发现备份启动记录是文件系统的备份引导记录，作为分析结果需要检测的文件系统，则验证备份引导记录是否是有效分区的引导记录。 如果验证备份引导记录是有效分区的引导记录，则使用备份引导记录解析已删除分区的文件系统，并恢复已删除的目录或文件。

公开(公告)号：US20170118649A1

公开(公告)日：2017-04-27

申请号：US15069136

申请日：2016-03-14

Applicant: Electronics and Telecommunications Research Institute

Inventor： Seung-Jei YANG ,  Jung-Ho CHOI ,  Ki-Bom KIM

IPC: H04W12/08 ,  H04L29/06

CPC classification number: H04W12/08 ,  H04L63/10 ,  H04W88/02

Abstract: Disclosed herein are a data protection apparatus and method for a smart device. The data protection apparatus for a smart device includes a detection unit for detecting unauthorized activity in a bootloader of the smart device, based on whether a program for acquiring an administrator privilege has been installed and whether a compressed-command file is present, during a procedure for loading the bootloader, and a data access blocking unit for, when the unauthorized activity is detected, performing an operation of locking the smart device, thus blocking access to data in the smart device.