@article{ART003198696},
author={Byung-Gook Kim and Ryu Gab Sang},
title={Forensic Analysis of Hidden Areas in Self-Encrypting Storage},
journal={Journal of Internet of Things and Convergence},
issn={2466-0078},
year={2025},
volume={11},
number={2},
pages={83-88}
TY - JOUR
AU - Byung-Gook Kim
AU - Ryu Gab Sang
TI - Forensic Analysis of Hidden Areas in Self-Encrypting Storage
JO - Journal of Internet of Things and Convergence
PY - 2025
VL - 11
IS - 2
PB - The Korea Internet of Things Society
SP - 83
EP - 88
SN - 2466-0078
AB - This paper focuses on the hidden areas of self-encrypting drives (SEDs) that comply with the Trusted Computing Group (TCG) storage specification. In general, data storage devices include not only areas accessible via standard read and write commands provided to end-users but also hidden areas such as the Host Protected Area (HPA) and Device Configuration Overlay (DCO), which are inaccessible through conventional commands. These hidden areas may not be detectable by standard industrial tools, posing potential security risks to digital forensic investigators and corporate security administrators. The existence of such hidden areas significantly increases the risk that a forensic image of the storage device may not represent a true physical copy, potentially leading to incomplete or inaccurate investigative results due to concealed data. Moreover, data residing in these areas may persist despite deletion procedures carried out using typical industrial tools, resulting in the retention of sensitive information. This paper introduces the unique hidden areas present in self-encrypting drives compliant with the TCG storage specification. It further demonstrates, through the use of open-source and freely available tools, that users can access, modify, and write data within these hidden regions. Finally, the paper discusses the potential implications of these hidden areas in digital forensic investigations and proposes corresponding countermeasures.
KW - Storage System;Data Hiding;Self-Encrypting Drive;Digital Forensic
DO -
UR -
ER -
Byung-Gook Kim and Ryu Gab Sang. (2025). Forensic Analysis of Hidden Areas in Self-Encrypting Storage. Journal of Internet of Things and Convergence, 11(2), 83-88.
Byung-Gook Kim and Ryu Gab Sang. 2025, "Forensic Analysis of Hidden Areas in Self-Encrypting Storage", Journal of Internet of Things and Convergence, vol.11, no.2 pp.83-88.
Byung-Gook Kim, Ryu Gab Sang "Forensic Analysis of Hidden Areas in Self-Encrypting Storage" Journal of Internet of Things and Convergence 11.2 pp.83-88 (2025) : 83.
Byung-Gook Kim, Ryu Gab Sang. Forensic Analysis of Hidden Areas in Self-Encrypting Storage. 2025; 11(2), 83-88.
Byung-Gook Kim and Ryu Gab Sang. "Forensic Analysis of Hidden Areas in Self-Encrypting Storage" Journal of Internet of Things and Convergence 11, no.2 (2025) : 83-88.
Byung-Gook Kim; Ryu Gab Sang. Forensic Analysis of Hidden Areas in Self-Encrypting Storage. Journal of Internet of Things and Convergence, 11(2), 83-88.
Byung-Gook Kim; Ryu Gab Sang. Forensic Analysis of Hidden Areas in Self-Encrypting Storage. Journal of Internet of Things and Convergence. 2025; 11(2) 83-88.
Byung-Gook Kim, Ryu Gab Sang. Forensic Analysis of Hidden Areas in Self-Encrypting Storage. 2025; 11(2), 83-88.
Byung-Gook Kim and Ryu Gab Sang. "Forensic Analysis of Hidden Areas in Self-Encrypting Storage" Journal of Internet of Things and Convergence 11, no.2 (2025) : 83-88.
