R&D: Forensics and Anti-Forensics of NAND Flash Memory From Copy-Back Program Perspective

IEEE Access has published an article written by Na Young Ahn, Institute of Cyber Security & Privacy, Korea University, Seoul, South Korea, and Dong Hoon Lee, Institute of Cyber Security and Privacy, Korea University, Seoul, South Korea, and Graduate School of Cybersecurity, Korea University, Seoul, South Korea.

Abstract: “This paper proposes a safe copy-back program operation in a NAND flash memory, which is targeting digital forensics for a variety of reasons. Due to the background management operation of the NAND flash memory, the original data is highly likely to remain without truly being deleted. We have carefully investigated the possibility of data exposure due to a copy-back program operation, among, frequently used management operations as such data exposure increases the possibility of privacy invasion. We propose a safe copy-back program operation that lowers the possibility of privacy invasion. And we additionally introduce various techniques for solving the reliability problem of adjacent cells caused by the proposed copy-back program operation. For example, when deleting the original data in a copy-back program operation, overwriting is performed to minimize program disturbance. Also, after acquiring the victim cell information of the adjacent cell before proceeding with overwriting, program prohibition is determined on each page buffer based on the victim cell information. Our research results are meaningful for forensics and anti-forensics issues to be raised regarding NAND flash memories. We look forward to the development of NAND flash memories that guarantee privacy in subsequent studies.“