Abstract
This paper proposes a safe copy-back program operation in a NAND flash memory, which is targeting digital forensics for a variety of reasons. Due to the background management operation of the NAND flash memory, the original data is highly likely to remain without truly being deleted. We have carefully investigated the possibility of data exposure due to a copy-back program operation, among, frequently used management operations as such data exposure increases the possibility of privacy invasion. We propose a safe copy-back program operation that lowers the possibility of privacy invasion. And we additionally introduce various techniques for solving the reliability problem of adjacent cells caused by the proposed copy-back program operation. For example, when deleting the original data in a copy-back program operation, overwriting is performed to minimize program disturbance. Also, after acquiring the victim cell information of the adjacent cell before proceeding with overwriting, program prohibition is determined on each page buffer based on the victim cell information. Our research results are meaningful for forensics and anti-forensics issues to be raised regarding NAND flash memories. We look forward to the development of NAND flash memories that guarantee privacy in subsequent studies.
Highlights
Largely composed of identification, collection, preservation, analysis, submission, and verification of evidence [1]–[3], digital forensics is classified into disk forensics, memory forensics, and network forensics depending on the target [4], [5]
Network forensics collects and analyzes data related to computer networks [11], which mainly refers to digital forensics that analyzes and monitors network connection information or packets
In the copy-back program operation, we confirmed that unmanaged original data was the main target of forensics
Summary
Collection, preservation, analysis, submission, and verification of evidence [1]–[3], digital forensics is classified into disk forensics, memory forensics, and network forensics depending on the target [4], [5]. In response to the read command, NAND flash memory may perform a read operation from the source page of the first block BLK1, where the unmanaged data is stored, and transmit the result to controller. It may include an enhanced secure program operation This read operation may be performed on a corresponding source page via a read command and a source address in NAND flash memory during read time tR. Prior to performing a deletion operation according to the overwriting technique, it is possible to first read the victim cell group information in the adjacent word line and decide whether to program random data using the read victim cell group information. If the big team cell group information of the adjacent word line indicates the existence of a big team cell, the corresponding page buffer becomes controlled to maintain the program prohibition state
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
