• Title/Summary/Keyword: criminal act (범죄행위)

Malware Detection Via Hybrid Analysis for API Calls (API call의 단계별 복합분석을 통한 악성코드 탐지)

  • Kang, Tae-Woo;Cho, Jae-Ik;Chung, Man-Hyun;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.89-98 / 2007
  • We have come a long way in the information age. Thanks to the advancement of such technologies as the internet, we have discovered new ways to convey information on a broader scope. However, negative aspects exist, as with anything else. These may include invasion of privacy over the web, or identity theft over the internet. What is more alarming is that malware, so-called 'malicious code', is rapidly spreading. Its intent is very destructive, which can result in hacking, phishing and, as aforementioned, one of the most disturbing problems on the net, invasion of privacy. This thesis describes the technology of how you can effectively analyze and detect these kinds of malicious code. We propose sequential hybrid analysis for API calls that are hooked inside user-mode and kernel-level of Windows. This research explains how we can cope with malicious code more efficiently by abstracting malicious function signature and hiding attribute.

A Study on the Actual Situation of Domestic Violence and the Problems of Victims of Domestic Violence and Preventive Measures (가정폭력의 실태 및 피해 가정 문제와 예방대책에 관한 연구)

  • Bae, Na Rae
    • Journal of the Korea Convergence Society / v.13 no.5 / pp.187-193 / 2022
  • Domestic violence in our society is where the abuser and the abuser live in the same space. Problems are left unresolved in families where abuse is reproducing. Domestic violence can be viewed as a crime that violates and tramples human rights. They rely solely on family support networks for solutions to domestic violence. The physical, emotional, and psychological pain and wounds that victims of domestic violence must endure are too deep. In order to help victims of domestic violence, case management services that can provide long-term and attentive help in the neighborhood or community are needed. For this, prevention and treatment of domestic violence should be considered together. And the interest and professional role of the community must follow.

Analysis of anti-forensic trends and research on countermeasures (안티 포렌식 동향 분석 및 대응 방안 연구)

  • Han Hyundong;Cho Young Jun;Cho Jae Yeon;Kim Se On;Han Wan Seop;Choi Yong Jun;Lee Jeong Hun;Kim Min Su
    • Convergence Security Journal / v.23 no.1 / pp.97-107 / 2023
  • With the popularization of digital devices in the era of the 4th industrial revolution and the increase in cyber crimes targeting them, the importance of securing digital data evidence is emerging. However, the difficulty in securing digital data evidence is due to the use of anti-forensic techniques that increase analysis time or make it impossible, such as manipulation, deletion, and obfuscation of digital data. Anti-forensics is defined as a series of actions to damage and block evidence in terms of digital forensics, and anti-forensic techniques are classified into data destruction, data encryption, data concealment, and data tampering. Therefore, this study categorizes anti-forensic techniques into data concealment and deletion (obfuscation and encryption), investigates and analyzes recent research trends, and suggests future anti-forensic research directions.

A Study on the Efficient Digital Evidence Processing in Case Transfer : Focused on Military and Police Case Studies and Expert Interviews (사건 이송 시 효율적인 디지털 증거 처리 절차에 관한 고찰 : 군·경 사례연구 및 전문가 인터뷰를 중심으로)

  • Young June Kim;Wan Ju Kim;Jae sung Lim
    • Convergence Security Journal / v.22 no.2 / pp.121-130 / 2022
  • Recently, as soldiers are allowed to use mobile phones, cases are frequently transferred from the police to the military due to criminal acts, and digital evidence is collected separately from the reliability of previous investigations, such as overlapping seizure and search procedures. In this study, through in-depth interviews with practitioners in charge of digital evidence in the military, police, and courts, problems related to digital evidence handling, such as infringement of evidence ability due to overlapping human factors and procedures, are derived and analyzed. The presented procedure verified the effectiveness of the procedure through case analysis, and is expected to contribute to the guarantee of the evidence capacity of digital evidence and the efficiency of handling cases.

Text Network Analysis on Stalking-Related News Articles (스토킹 관련 언론기사에 대한 텍스트네트워크분석)

  • Eun-Sun Ji;Sang-Hee Jeong
    • The Journal of the Convergence on Culture Technology / v.9 no.3 / pp.579-585 / 2023
  • The purpose of this study is to explore keywords within stalking-related news articles according to political orientation through text network analysis, and then to examine the implicit intentions. Selecting a total of 1,607 articles, including 824 articles of the conservative press (The Chosun Ilbo, The Joongang Ilbo) and 783 articles of the progressive press (The Hankyoreh, The Kyunghyang Shinmun) reported from January 1, 2018 to December 31, 2022, this study explored the aspect of topic category drawn through the topic modeling technique based on LDA (Latent Dirichlet Allocation). In the results of this study, the common topics of the conservative and progressive press were improvement of the perception of gender-based violence, personal protection & intensity of punishment, and disclosure of stalkers' personal information. Regarding the topics shown differently in the two presses, the conservative press showed stalkers' harmful act and outline of the 'murder case at Sindang Station', while the progressive press showed request for aggravated punishment on the 'murder case at Sindang Station' and eradication of sexual exploitation crime (in cyber space). The results of this study imply that there are changes in the type of reporting according to ideological opinions about stalking in news articles.

Decryption of KakaoTalk Database for macOS (macOS용 카카오톡 데이터베이스 복호화 방안)

  • Beomjun Park;Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.753-760 / 2023
  • KakaoTalk has the highest market share among domestic messengers. As such, KakaoTalk's conversation content is important evidence in digital forensics, and the conversation is stored in the form of an encrypted database on a user's device. In addition, macOS has the characteristic that it is difficult to access because the disk encryption function is activated by default. The decryption method of the KakaoTalk database for Windows has been studied, but the decryption method has not been studied for KakaoTalk for macOS. In this paper, we research the decryption method of the KakaoTalk database for macOS and a brute-force plan using the characteristics of KakaoTalk's UserID, and compare it with KakaoTalk for Windows to examine the commonalities and differences. The results of this paper are expected to be used to analyze users' actions and events when investigating crimes using macOS.

A Study on Tracking Method for Command and Control Framework Tools (명령 제어 프레임워크 (Command and Control Framework) 도구 추적 방안에 대한 연구)

  • Hyeok-Ju Gwon;Jin Kwak
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.721-736 / 2023
  • The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers, as well as responding proactively, such as by blocking the server, can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related servers, emulating staged delivery, extracting botnet configurations, and collecting certificates from which features are to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. Beacons and certificates collected from the experiments are shared to establish a basis for responding to cyber threats that could be caused by the Command and Control Framework.

Research on digital evidence-based countermeasure depending on the type of small and medium-sized enterprises technology leakage accident (중소기업 기술유출사고 유형에 따른 디지털증거기반 대응방안 연구)

  • Jaeyun Wang;Hangbae Chang
    • Journal of Platform Technology / v.12 no.1 / pp.67-76 / 2024
  • Small and medium-sized enterprises play a fundamental role in the foundation of our country's industry and economy, and most technological innovations occur in small and medium-sized enterprises rather than large corporations. Technology development and innovation are the only way for small and medium-sized enterprises to survive in a fiercely competitive environment, so they focus on it, but interest and investment in technology protection tend to be stingy. As a result, industrial technology leakage accidents occur frequently, and it is difficult to meet improvement measures. When a leak occurs, digital evidence is required to prove criminal activity, but problems such as digital evidence being damaged or deleted due to management loopholes often occur. Therefore, through this study, we aim to design a digital evidence-based countermeasure depending on the type of technology leak accident. We will classify the types of technology leak incidents that actually occurred and study ways to secure digital evidence in the security environment of small and medium-sized businesses that operate internal information leak prevention solutions.

Affecting Factors on the Safety on School -Focusing on U.S Public School Security Guard Patterns- (학교 내 안전에 영향을 미치는 요인: 미국 공립학교의 경비활동 유형을 중심으로)

  • Shin, So-Ra;Cho, Youn-Oh
    • Korean Security Journal / no.37 / pp.137-163 / 2013
  • This research will incorporate cases from U.S. public schools to analyze the factors which influence the security within the school and efficient security patterns, in order to offer an adequate suggestion to elevate the domestic school security system. This study is divided into the two following models: a serious criminal offense model, which considers crimes occurred on campus as subordinate variables, and a school violence model, which considers as subordinate variables, after limiting, an act of delinquency and a group action that can harm the safety of students, although they are not included in the categories of crimes. First, from analyzing the factors which influence security within school, the explanation power of the serious crime offense safety model and the school violence safety model is measured at 12% and 11.3%. In the serious crime offense safety model, the safety education for students, among the safety programs provided by schools (t=2.548, p=0.011), parent participation to school management (t=10.694, p=0.000), security activities on campus (t=3.643, p=0.000), and CPTED activity (t=6.467, p=0.000) are statistically significant as affecting factors on the safety from serious crimes. Similarly, in the school violence model, the safety education for students, among the safety programs provided by schools (t=3.228, p=0.001), parent participation to school management (t=12.034, p=0.000), security activities on campus (t=2.663, p=0.000), and CPTED activity (t=3.928, p=0.000) are statistically significant as affecting factors on the safety from school violence. Second, according to the analytic results on figuring out the optimal pattern to heighten the security activities, the serious offense model's explanatory power was 4.4% and the school violence safety model rated 3.9%. With the serious offense safety model, the activity factors which were statistically significant in influencing safety from serious offenses were cooperation with local police force (t=2112, p=0.035), school policy management (t=3.309, p=0.001), and security patrolling activity (t=2.548, p=0.011). In the school violence model, security activities initiated by the school which were statistically significant from serious offenses were cooperation with local police force (t=2.364, p=0.018) and policy management (t=4.142, p=0.000). In accordance with the result of this study, education for students rather than education for teachers is more positive in terms of the safety on campus, and parent participation, like education, is consistently needed for the safety on campus. In the case of CPTED activity, reinforcing plans should be prepared by intactly accepting examples in the USA. In the case of security activity, plans that can increase visibility and reinforce cooperation with local police in a smooth way will provide a positive effect to the safety on campus.

The Legal Study of Prohibited Items on Aeroplane for the Aircraft Safety and Security (항공안전보장.질서유지를 위한 항공기반입금지 물품 관리.감독에 관한 입법적 개선방안)

  • Chang, In-Ho
    • The Korean Journal of Air & Space Law and Policy / v.29 no.1 / pp.33-66 / 2014
  • While the number of overseas travelers has increased rapidly each year, the number of passengers in aircraft has also continued to increase gradually. In the midst of these increasing numbers, accidents threatening aircraft safety, such as riot, aircraft hijacking and terrorism, have happened constantly. In these circumstances, the South Korean government has prescribed the "Aviation on Security Act" in accordance with the Convention on International Civil Aviation and other international agreements. This act aims to prevent illegal activities and illegal items on the aircraft to ensure the safety and security of civil aviation. However, this act is not sufficiently regulating all the illegal crimes and illegal items on the flight. To make matters worse, there is a lack of effective supervisory capacity. Likewise, the inherent problems of the current laws relating to the prevention of the illegal items on the aircraft are appearing on the surface continually. Above all, illegal items on the aircraft are directly connected to the issue of aviation safety and security as well as a safe utilization of the flight service. Thus, when a serious accident occurs on board, it surely would lead to a huge economic loss, not to mention the loss of lives following the accident. Therefore, the safety of the flight passengers cannot be guaranteed without ensuring the safety of aircraft facilities and a good supervisory mechanism for illegal items on the aircraft. Accordingly, establishing a safe operation order tends to influence the economy and tourism of a country in no small measure. Therefore, it is an urgent issue to settle on reasonable and adequate supervisory regulations regarding the prevention of the illegal items on the aircraft. Consequently, in this article, I studied a reasonable and effective mechanism to control the prevention of the illegal items and illegal acts on the aircraft in order to ensure the safety and security of civil aircraft.