• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.223-230
• /
• 2013

Recently, a large number of corporations are adopting cloud solution in order to reduce IT-related costs. By the way, Digital Trace should have admissibility to be accepted as digital evidence in court, and integrity is one of the factors for admissibility. In this context, this research implemented integrity verification test to VM Data which was collected by well-known private cloud solutions such as Citrix, VMware, and MS Hyper-V. This paper suggests the effective way to verify integrity of VM data collected in private cloud computing environment based on the experiment and introduces the error that EnCase fails to mount VHD (Virtual Hard Disk) files properly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.57-67
• /
• 2013

Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.573-583
• /
• 2015

Amcache.hve file is a registry hive file regarding Program Compatibility Assistant, which stores the executed information of applications. With Amcache.hve file, We can know execution path, first executed time as well as deleted time. Since it checks both the first install time and deleted time, Amcache.hve file can be used to draw up the overall timeline of applications when used with the Prefetch files and Iconcache.db files. Amcache.hve file is also an important artifact to record the traces of anti-forensic programs, portable programs and external storage devices. This paper illustrates the features of Amcache.hve file and methods for utilization in digital forensics such as estimation of deleted time of applications.

• Conservation Science in Museum
• /
• v.24
• /
• pp.55-74
• /
• 2020

The Sacred Bell of Great King Seongdeok is required digital precision recording of conservation conditions because of corrosion and partial abrasion of its patterns and inscriptions. Therefore, this study performed digital documentation of the bell using four types of scanning and unmanned aerial vehicle (UAV) photogrammetry technologies, and performed the various shape analyses through image processing. The modeling results of terrestrial laser scanning and UAV photogrammetry were merged and utilized as basic material for monitoring earthquake-induced structural deformation because these techniques can construct mutual spatial relationships between the bell and its tower. Additionally, precision scanning at a resolution four to nine times higher than that of the previous study provided highly valuable information, making it possible to visualize the patterns and inscriptions of the bell. Moreover, they are well-suited as basic data for identifying surface conservation conditions. To actively apply three-dimensional scanning results to the conservation of the original bell, the time and position of any changes in shape need to be established by further scans in the short-term. If no change in shape is detected by short-term monitoring, the monitoring should continue in medium- and long-term intervals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.827-839
• /
• 2012

A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners is increasing dramatically. Unlike the feature phone, users can utilize various mobile application in smartphone because it has high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphone are more important in digital forensic purposes, smartphone forensics has been studied actively. There are two way to do smartphone forensics. The first way is to extract user's data using the backup and debugging function of smartphones. The second way is to get root permission, and acquire the image of flash memory. And then, it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, HFS+ and analyze it. However, this methods are not suitable to recovery and analyze deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. Especially, this paper demonstrates analysis techniques on the image that reconstruction of filesystem is impossible because the spare area of flash memory pages does not exist and the pages in unallocated area of filesystem.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.5
• /
• pp.602-609
• /
• 2016

In a smart society, politicians analyze the big data of voters to build a favorable political positions. In other words, a variety of digital footprints uploaded in SNS or Internet are used to set the election strategies and political directions. In comparison, it is difficult for voters to extract intention information about how politicians are performing a political acts. Therefore, it is important that voters need to analyze what intention of politicians are like for two way interaction between voters and politicians. For this, in this paper, we want to do the identification by analyzing IT technologies to narrative styles of politicians who pursue relative advantages or gains compared to other competitors. The experiments will be carried out to identify about what relative advantages compared to other competitors by narrative styles of next presidential candidates who are expected to run into the next presidential election by analyzing the usual audio interviews.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.541-547
• /
• 2019

As leakage cases of personal information increase, the concern of personal information protection is also increasing. As a result, most applications encrypt and store sensitive information such as personal information. Especially, in case of instant messengers, it is more difficult to find database where is not encrypted and stored. However, this kind of database encryption acts as anti-forensic from the point of view of digital forensic investigation. In this paper, we analyze database encryption process of MalangMalang Talkcafe application which is one of instant messenger. Based on our analysis, we propose a decryption method and explain the meaningful information collected in the database.

• The Korean Journal of Archival Studies
• /
• no.52
• /
• pp.241-275
• /
• 2017

This study reinterprets the meaning of the record contents from the viewpoint of the record continuum to find ways to enhance the usability of records that are emphasized by the electronic record environments. In general, in academic discussions and practical examples, record contents are recognized as digital media produced by putting a high level of computer technologies and a big budget based on some records related to specific subjects. To enhance the usability of, and spread the meaning through, records, it is necessary to shift the awareness in record contents. For this purpose in Chapter 2, to grasp the meanings of the church records as well as the utilization direction, it is necessary to analyze the organization and function. Therefore, the analysis of the organization and function of the church was examined. In Chapter 3, this study attempted to find the meaning of the contents of church records in each dimension of the record continuum in relation to the mission of the church, which was identified through the organization and function analysis of the church. In Section 3, which corresponds to Dimension 4, the meaning of church record contents is diversified in society. In the end, this study suggests that the meaning and use value of records can be found in everyday life and can then be spread to society as well.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.123-131
• /
• 2015

Bright development of information communication is caused by usabilities and another case to our society. That is, the surveillance which is unlimited to electronic equipment is becoming a transfiguration to a possible society, and there is case that was able to lay in another disasters if manage early error. Be what is living on at traps of surveillance through the Smart phones which a door of domicile is built, and the plane western part chaps, and we who live on in these societies are installed to several places, and closed-circuit cameras (CCTV-Closed Circuit Television) and individual use. On one hand, while the asset value which was special of enterprise for marketing to enterprise became while a collection was easily stored development of information communication and individual information, the early body which would collect illegally was increased, and affair actually very occurred related to this. An investigation agency is endeavored to be considered the digital trace that inquiry is happened by commission act to the how small extent which can take aim at a duty successful of the inquiry whether you can detect in this information society in order to look this up. Therefore, procedures to be essential now became while investigating affair that confiscation search regarding employment trace of a computer or the telephone which delinquent used was procedural, and decisive element became that dividing did success or failure of inquiry whether you can collect the act and deed which was these electronic enemy. By the way, at this time a lot of, in the investigation agencies the case which is performed comprehensively blooms attachment while rummaging, and attachment is trend apprehension to infringe discretion own arbitrary information rising. Therefore, a lot of nation is letting you come into being until language called exile 'cyber' while anxiety is exposed about comprehensive confiscation search of the former information which an investigation agency does. Will review whether or not there is to have to set up confiscation search ambit of electronic information at this respect how.

• Journal of Biomedical Engineering Research
• /
• v.25 no.5
• /
• pp.329-334
• /
• 2004

The electronic nose (E-nose) recently finds its applications in medical diagnosis, specifically on detection of diabetes, pulmonary or gastrointestinal problem, or infections by examining odors in the breath or tissues with its odor characterizing ability. The odor recognition performance of E-nose can be improved by manipulating the sensor array responses of vapors in time-profile forms. The different chemical interactions between the sensor materials and the volatile organic compounds (VOC's) leave unique marks in the signal profiles giving more information than collection of the conventional piecemal features, i.e., maximum sensitivity, signal slopes, rising time. In this study, to use them in vapor recognition task conveniently, a novel time-profile method was proposed, which is adopted from digital image pattern matching. The degrees of matching between 8 different vapors were evaluated by using the proposed method. The test vapors are measured by the silicon-based gas sensor array with 16 CB-polymer composites installed in membrane structure. The results by the proposed method showed clear discrimination of vapor species than by the conventional method.