• Title/Summary/Keyword: Logging (로깅)


A Design of Timestamp Manipulation Detection Method using Storage Performance in NTFS (NTFS에서 저장장치 성능을 활용한 타임스탬프 변조 탐지 기법 설계)

  • Jong-Hwa Song; Hyun-Seob Lee
  • Journal of Internet of Things and Convergence, v.9 no.6, pp.23-28, 2023
  • The Windows operating system generates various logs with timestamps. Timestamp tampering is an anti-forensic act in which a suspect manipulates the timestamps of data related to a crime to conceal traces, making it difficult for analysts to reconstruct the situation of the incident. This can delay investigations or lead to the failure to obtain crucial digital evidence. Therefore, various techniques have been developed to detect timestamp tampering. However, detection is limited if a suspect is aware of timestamp patterns and manipulates timestamps skillfully, or alters the system artifacts used for timestamp tampering detection. In this paper, a method is designed to detect changes in timestamps based on the observation that, even if a suspect alters the timestamp of a file on a storage device, it is challenging to do so with precision finer than the millisecond order. In the proposed detection method, the first step verifies the timestamp of a file suspected of tampering to determine its write time. Subsequently, the confirmed time is compared with the size of the files recorded within that time, taking the performance of the storage device into consideration. Finally, the total capacity of the files written at a specific time is calculated and compared with the maximum input and output performance of the storage device to detect potential file tampering.

Event Log Analysis Framework Based on the ATT&CK Matrix in Cloud Environments (클라우드 환경에서의 ATT&CK 매트릭스 기반 이벤트 로그 분석 프레임워크)

  • Yeeun Kim; Junga Kim; Siyun Chae; Jiwon Hong; Seongmin Kim
  • Journal of the Korea Institute of Information Security & Cryptology, v.34 no.2, pp.263-279, 2024
  • With the increasing trend of Cloud migration, security threats in the Cloud computing environment have also increased significantly. Consequently, the importance of efficient incident investigation through log data analysis is being emphasized. In Cloud environments, the diversity of services and the ease of resource creation generate a large volume of log data. It remains difficult to determine which events to investigate when an incident occurs, and examining all of the extensive log data requires considerable time and effort. Therefore, a systematic approach for efficient data investigation is necessary. CloudTrail, the Amazon Web Services (AWS) logging service, collects logs of all API call events occurring in an account. However, CloudTrail lacks insight into which logs to analyze in the event of an incident. This paper proposes an automated analysis framework that integrates the ATT&CK Cloud Matrix and event information for efficient incident investigation. The framework enables simultaneous examination of user behavior log events, event frequency, and attack information. We believe the proposed framework contributes to Cloud incident investigations by efficiently identifying critical events based on the ATT&CK Framework.

A study on the Standardization of Design Guidelines for Geographic Information Databases (지리정보 DB 설계 지침의 표준화 연구)

  • Lim, Duk-Sung; Moon, Sang-Ho; Si, Jong-Ik; Hong, Bong-Hee
  • Journal of Korea Spatial Information System Society, v.5 no.1 s.9, pp.49-63, 2003
  • Recently, two international standards organizations, ISO and OGC, have carried out standardization work for GIS. Current standardization work for providing interoperability among GIS DBs focuses on the design of open interfaces. However, this work has not considered procedures and methods for designing a GIS DB. Consequently, each GIS DB has its own model, and when data is shared through open interfaces among heterogeneous GIS DBs, the differences between models result in a loss of information. Our aim in this paper is to revise the design guidelines for geographic information databases in order to make the spatial data models, logical structures, and semantic structures of populated geographical databases consistent. In detail, we propose standard guidelines that convert the ISO abstract schema into a relational model, an object-relational model, an object-centered model, and a geometry-centered model. Furthermore, we provide sample models for applying these guidelines in commercial GIS software. Building a GIS DB based on the design guidelines proposed in this paper has the following advantages: interoperability among databases, standardization of schema definitions, and the catalogue of GIS databases through.


Identification of Conductive Fractures in Crystalline Rocks (유동성 단열 파악을 위한 암반 내 단열특성 규명)

  • 채병곤; 최영섭; 이대하; 김원영; 이승구; 김중렬
  • Journal of the Korean Society of Groundwater Environment, v.5 no.2, pp.88-100, 1998
  • Since fractures may serve as major conduits of groundwater flow in crystalline rocks, characterization of conductive fractures is especially important for interpreting the flow system. In this study, fractures in gneisses at an abandoned mine area were characterized to investigate hydraulically conductive fractures. The orientation, width, length, movement sense, infilling materials, spacing, aperture, and roughness of both joints and faults, as well as their intersection and connectivity with other joints, were measured on outcrops. In addition, the characteristics of subsurface fractures were examined by core logging in five boreholes, and their orientations were acquired by acoustic televiewer logging in three of the boreholes. The dominant fracture sets grouped from outcrops are GSet 1: N50-82$^{\circ}$E/55-90$^{\circ}$SE, GSet 2: N2-8$^{\circ}$E/56-86$^{\circ}$SE, GSet 3: N46-72$^{\circ}$W/60-85$^{\circ}$NE, GSet 4: N12-38$^{\circ}$W/15-40$^{\circ}$SW; and from the subsurface, HSet 1: N50-90$^{\circ}$E/55-90$^{\circ}$SE, HSet 2: N10-30$^{\circ}$E/50-70$^{\circ}$SE, HSet 3: N20-60$^{\circ}$W/50-80$^{\circ}$NE, HSet 4: N10-50$^{\circ}$E/$\leq$40$^{\circ}$NW. Among them, GSet 1, GSet 3 and HSet 1, HSet 3 are the most intensely developed fracture sets in the study area. The mean fracture spacings of HSet 1 are 30-47 cm, and code 1 fractures, such as faults and open fractures, comprise 21.0-42.9 percent of all fractures in each borehole. HSet 3 shows mean fracture spacings of 55-57 cm, and the ratio of code 1 fractures is 15.4-26.9 percent. Despite a mean fracture spacing of 239 cm, code 1 fractures of HSet 4 have the highest ratio, 54.5 percent. Since faults and open fractures have high hydraulic conductivity, it can be inferred that the three fracture sets N55-85$^{\circ}$E/50-80$^{\circ}$SE, N20-60$^{\circ}$W/50-75$^{\circ}$NE and N10-30$^{\circ}$E/$\leq$30$^{\circ}$NW form a fracture system of relatively high conductivity. This is indirectly verified by geophysical loggings and constant injection tests performed in the boreholes.


Analysis of Groundwater Flow Characterization in Fractured Aquifer System (파쇄대 응회암 대수층의 지하수 유동 특성화 기법)

  • Kim Yong-Je; Kim Tae-Hee; Kim Kue-Young; Hwang Se-Ho; Chae Byung-Gon
  • Journal of Soil and Groundwater Environment, v.10 no.4, pp.33-44, 2005
  • On the basis of a stepwise and careful integration of various field and laboratory methods, groundwater flow characterization was analyzed using five boreholes (BH-1, -2, -3, -4, -5) at a pilot site in the Natural Forest Park in Guemsan-gun, Chungcheongbook-do, Korea. Regional NW-SE lineaments are the primary structures developed in the area, which has resulted in the development of many NW-SE-trending fractures around the boreholes drilled at the test site for this study. A series of surface geological surveys, core logging, geophysical logging, tomography, tracer tests, and heat-pulse flowmeter logging were carried out to determine fracture characteristics and fracture connectivity between the boreholes. As a result of the fracture connectivity analysis, BH-1, the injection well, has poor connectivity with BH-2 and BH-3 but good connectivity with BH-4 and BH-5. In particular, to analyse the hydraulic connectivity between BH-1 and BH-5, a conspicuous groundwater outflux at a depth of 12 m and influx at depths of 65 m and 70 m, with partial influx/outflux at other depths in BH-5, were observed while pumping from BH-1. On the other hand, when pumping from BH-5, strong outflux occurred at depths of 17 m and 70 m. The spatial connectivity between the boreholes was examined at depths of 15 m, 67 m, and 71 m in BH-1, as well as at depths of 15 m, 17 m, 22 m, 72 m, and 83 m in BH-5.