Forensics and Anti-Forensics of a NAND Flash Memory: From a Copy-Back Program Perspective

Abstract

This paper proposes a safe copy-back program operation in a NAND flash memory, which is targeting digital forensics for a variety of reasons. Due to the background management operation of the NAND flash memory, the original data is highly likely to remain without truly being deleted. We have carefully investigated the possibility of data exposure due to a copy-back program operation, among, frequently used management operations as such data exposure increases the possibility of privacy invasion. We propose a safe copy-back program operation that lowers the possibility of privacy invasion. And we additionally introduce various techniques for solving the reliability problem of adjacent cells caused by the proposed copy-back program operation. For example, when deleting the original data in a copy-back program operation, overwriting is performed to minimize program disturbance. Also, after acquiring the victim cell information of the adjacent cell before proceeding with overwriting, program prohibition is determined on each page buffer based on the victim cell information. Our research results are meaningful for forensics and anti-forensics issues to be raised regarding NAND flash memories. We look forward to the development of NAND flash memories that guarantee privacy in subsequent studies.