• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.151-166
• /
• 2009

To prove the integrity of digital evidence on the investigation procedure, the data which is using the MD 5(Message Digest 5) hash-function algorithm has to be discarded, if the integrity was damaged on the investigation. Even though a proof restoration of the deleted area is essential for securing the proof regarding a main phase of a case, it was difficult to secure the decisive evidence because of the damaged evidence data due to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes the novel model for the mobile forensic procedure, named as "E-Finder(Evidence Finder)", to ,solve the existing problem. The E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST(National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for the mobile forensics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.155-163
• /
• 2011

Rumor or abusive web postings in internet has become a social issue. Web postings may be proposed on evidence in form of a screenshot in libel suit, but a screenshot can be easily modified by computer programs. A person can make ill use of the screenshot which is modified deliberately original contents to opposite meaning in a lawsuit. That makes an innocent person to be punished because it can have difficulties to verify despite analyzing the server data. A screenshot of web postings is likely to fail to prove its authenticity and it is not able to reflect the fact. If notarization for web postings is offered, clear and convincing evidence can be submitted in a court. So, related techniques and policies should be established In this paper, we propose some technical and legal conditions and design for notarization and archive system of web postings for litigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.143-154
• /
• 2011

SQLite is a small sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery Tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.55-65
• /
• 2011

Recently, use of cloud computing service is dramatically increasing due to wired and wireless communications network diffusion in a field of high performance Internet technique. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In a view of digital forensic investigation, it is difficult to obtain data from cloud computing service environments. therefore, this paper suggests analysis method of AWS(Amazon Web Service) and Rackspace which take most part in cloud computing service where IaaS formats presented for data acquisition in order to get an evidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.771-783
• /
• 2012

This paper proposes a scheme to collect video data of the vehicle black box in order to strengthen the public safety. The existing schemes, such as surveillance system with the fixed CCTV and car black box, have privacy issues, network traffic overhead and the storage space problems because all video data are sent to the central server. In this paper, the central server only collects the video data related to the accident or the criminal offense using the GPS information and time in order to investigation of the accident or the criminal offense. The proposed scheme addresses the privacy issues and reduces network traffic overhead and the storage space of the central server since the central server collects the video data only related to the accident and the criminal offense. The implementation and experiment shows that our service is feasible. The proposed service can be used as a component of remote surveillance system to prevent the criminal offense and to investigate the criminal offense.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.127-134
• /
• 2020

Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).

• The Journal of the Korea Contents Association
• /
• v.22 no.6
• /
• pp.208-222
• /
• 2022

This study analyzes how Princess Deokhye's photos before entering elementary school were exploited in newspapers during the Japanese colonial period by introducing Roland Barthes' semiological methodology for analysis of photography. In the early 1920s, the Japanese imperialists actively exploited Princess Deokhye, who was about to enter elementary school, to propagate their education policy. The Maeil Shinbo cooperated with their policies by publishing photos and articles of Princess Deokhye. In this paper, 2 photos and articles published in Maeilshinbo were analyzed. As a result, it was found that messages were produced that justified Japanese education policy by using various rhetorical techniques of photography and texts complementary to each other, and that the readers were induced to accept them naturally. In conclusion, it was possible to reveal the seriousness of the problem in that these articles were not merely for propaganda of policy, but were to encourage the disappearance of the traditional values of Joseon.

• The Korea Journal of Herbology
• /
• v.28 no.1
• /
• pp.73-82
• /
• 2013

Objectives : Provides research basis on steaming processing method (SPM) as described in literatures 'Roegongpojaron', 'Pojadaebub', and 'Susajinam'. Methods : The following issues were considered for current investigation regarding herbal drugs: (i) categorizing SPM-applied drugs, (ii) protocols on the use of the supporting materials, (iii) kind of supporting materials, (iv) processing periods, (v) part of the herb plants, (vi) herbal efficacy, (vii) intrinsic properties and tastes of the herbal drugs, (viii) meridian tropism of the herbal drugs. Result : The number of herbal drugs was 70 species from 'Roegongpojaron', 73 from 'Pojadaebub', and 66 from 'Susajinam'. The abundance of supporting materials was in the order of alcohol, honey and tofu. The herbal parts of the roots, stem, fruit, and seed were most widely used. Based on herbal efficacy, a drug supplementing invigoration was used most, and a drug eliminating heat followed next. Based on four spirit features, herbs showing warm, cold, and mild features were used. In considering five tastes, herbs showing bitter and sweet tastes were used most. In considering meridian tropism, herbs converging to liver and kidneys were used, and drugs converging to 'Samcho, and gallbladder were not used. Conclusion : The present survey on SPM as described in 'Roegongpojaron', Pojadaebub', and 'Susajinam' indicates that there is a principal specialty on the use of supporting materials, steaming periods, steaming parts and efficacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1267-1277
• /
• 2021

The phone number used for advertising messages and voices used as bait in the voice phishing crime access stage is being used to send out a large amount of illegal loan spam, so we want to quickly block it. In this paper, our system is designed to block the usage of the phone number by rapidly restricting the use of the voice spam phone number that conducts illegal loan spam and voice phishing, and at the same time sends continuous calls to the phone number to prevent smooth phone call connection. The proposed system is a representative collaboration model between an illegal spam reporting agency and an investigation agency. As a result of developing the system and applying it in practice, the number of reports of illegal loaned voice spam and text spam decreased by 1/3, respectively. We can prove the effectiveness of this system by confirming that.