Digital Forensic Investigation of ESE Database
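A Study on Digital Forensic Investigation Techniques for ESE Databases
- Subject (keywords): ESE database forensic, ESE database recovery, ESE database format, ESE database analysis
- Publisher: Graduate School of Information Security, Korea University
- Advisor: Lee Sang-jin (이상진)
- Publication year: 2016
- Degree conferral date: 2016. 2
- Degree: Master's
- Department: Department of Information Security, Graduate School of Information Security
- Major: Samsung Information Security major
- Original pages: 55 p
- Actual URI: http://www.dcollection.net/handler/korea/000000065197
- Language of text: English
- Submitted original: 000045866860
Abstract/Summary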
The Extensible Storage Engine (ESE) database is a database developed by Microsoft, which is primarily used in web browsers (e.g. Internet Explorer and Edge) and Windows systems (e.g. Windows Search and System Resource Usage Monitor). Existing ESE database viewers may produce false values, or fail to read files, depending on the collection environment and the state of the files. Additionally, the existing recovery tool for deleted records is compatible with only some programs and does not recover all records. In this paper, we analyze the structure of the ESE database and present a general-use technique to recover deleted records. We develop a tool that implements the technique and assess the performance of the proposed tool.
Table of Contents
1. Introduction
1.1. Terminology
2. Related Works
3. ESE Database
3.1. Database
3.2. Table
3.3. Record and Column
3.4. Column Types
3.4.1. Fixed Columns
3.4.2. Variable Columns
3.4.3. Tagged Columns
3.5. Method for big-sized binary entity
3.6. Journaling
4. ESE Database Structure Analysis
4.1. Database Header
4.2. MSysObject Table
4.3. Page
4.3.1. Page Tag Structure
4.3.2. Record Structure in Data Page
4.3.3. Record Structure in Branch Page
4.3.4. Record Structure in Long Value Page
5. Verifying changes after deleting records
5.1. Experimental Environment
5.2. Experiment Results
6. Proposed Record Recovery Technique
7. Implementation, and Performance Assessment
8. Conclusion
Bibliography

