Recently, the number of Internet of Things (IoT) devices, such as artificial intelligence (AI) speakers and smartwatches, using a Linux-based file system has increased. Moreover, these devices are connected to the Internet and generate vast amounts of data. To efficiently manage these generated data and improve the processing speed, the function is improved by updating the file system version or using new file systems, such as an Extended File System (XFS), B-tree file system (Btrfs), or Flash-Friendly File System (F2FS). However, in the process of updating the existing file system, the metadata structure may be changed or the analysis of the newly released file system may be insufficient, making it impossible for existing commercial tools to extract and restore deleted files. In an actual forensic investigation, when deleted files become unrecoverable, important clues may be missed, making it difficult to identify the culprit. Accordingly, a framework for extracting and recovering files based on The Sleuth Kit (TSK) is proposed by deriving the metadata changed in Ext4 file system journal checksum v3 and XFS file system v5. Thereafter, by comparing the accuracy and recovery rate of the proposed framework with existing commercial tools using the experimental dataset, we conclude that sustained research on file systems should be conducted from the perspective of forensics.
Vehicle systems have been one of the fastest-growing fields in recent years. Vehicles are extremely helpful for understanding driver behaviors and have received significant attention from a forensic perspective. Extensive forensic research was previously conducted on on-board vehicle systems, such as an event data recorders, located in the electronic control unit or manufacturer-based infotainment systems. However, unlike previous vehicles that used only manufacturer-based infotainment systems, most vehicles today are equipped with infotainment systems such as Android Auto and Apple CarPlay. These in-vehicle infotainment (IVI) systems connect to mobile devices such as smartphones and tablets. The vehicle can periodically communicate with a smartphone and thus a network outside the vehicle. Drivers can use more services in their vehicles than ever before. Accordingly, an increasing number of diverse data are being stored in vehicles, with mobile devices connected to both the vehicle and the cloud. Such data include information that can be of significant help to investigators in solving problems during forensic investigations. Therefore, forensics of IVI systems such as Android Auto and Apple CarPlay are becoming increasingly important. We analyzed various forensic studies conducted on Android Auto and Apple CarPlay. Most of the research was mainly focused on mobile devices connected through a wired USB connection. The use of wireless-based IVI systems has recently been increasing. However, the analysis of Android Auto and Apple CarPlay from this point of view is insufficient. Therefore, we proposed a forensic methodology that fully considers such limitations. A forensic analysis was conducted on various IVI systems. We also developed an IVI system forensics tool that works based on the proposed methodology.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.