• Journal of forensic and investigative science
• /
• v.1 no.2
• /
• pp.5-19
• /
• 2006

Data mining is an information extraction activity to discover hidden facts contained in databases. Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results. Typical applications include market segmentation, customer profiling, fraud detection, evaluation of retail promotions, and credit risk analysis. Law enforcement agencies deal with mass data to investigate the crime and its amount is increasing due to the development of processing the data by using computer. Now new challenge to discover knowledge in that data is confronted to us. It can be applied in criminal investigation to find offenders by analysis of complex and relational data structures and free texts using their criminal records or statement texts. This study was aimed to evaluate possibile application of data mining and its limitation in practical criminal investigation. Clustering of the criminal cases will be possible in habitual crimes such as fraud and burglary when using data mining to identify the crime pattern. Neural network modelling, one of tools in data mining, can be applied to differentiating suspect's photograph or handwriting with that of convict or criminal profiling. A case study of in practical insurance fraud showed that data mining was useful in organized crimes such as gang, terrorism and money laundering. But the products of data mining in criminal investigation should be cautious for evaluating because data mining just offer a clue instead of conclusion. The legal regulation is needed to control the abuse of law enforcement agencies and to protect personal privacy or human rights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.863-872
• /
• 2017

Digital material transferred to the court for litigation shall be disposed by the procedure in the court records management regulations and the digital material collected by the investigator in order to prove the suspect's allegation shall be disposed by the Supreme Public Prosecutor's Regulation No.876(digital material's regulation of collection, examine and management). the court ordered the disposal of digital material that is the subject of litigation based on the related laws when criminal lawsuits and civil lawsuits are finalized. however, there is no specific procedure to enforce the disposal order of the court, and the enforcement order stipulates that the enforcement agent is not a professional officer who has proven expertise but a related public official. there is a problem in the enforcement of digital material that the court ordered to disposal because it is not specified. therefore, this is paper proposes a procedure for effectively enforcing the court's order to revoke digital material.

• Proceedings of the Korean Information Science Society Conference
• /
• 1999.10c
• /
• pp.312-314
• /
• 1999

키복구는 암호화 제품의 사용자가 암호화키를 분실하여 데이터를 복호화할 수 없을 때 데이터를 복구하거나 수사기관등이 합법적인 절차로 암호화된 데이터를 복호화하기 위한 수단이다. 정보보호의 중요성에 대한 인식이 확대되어 앞으로 많은 종류의 암호화 제품이 개발될 것으로 예상되기 때문에 다양한 키복구 기술의 개발과 키복구 기술가느이 호환성의 해결이 시급한 실정이다. 본고에서는 공개키 방식에 기반을 둔 전자상거래와 전자정부등에서 채택할 수 있는 인캡슐레이션 키복구 기술과 이를 위한 절차에 관하여 논한다. 공개키기반구조에서 키복구는 사용자와 법집행기관 모두의 요구를 충족시켜야 한다. 키복구기관을 인증관리센터의 관리하에 두고 인증관리센터가 인증하는 키복구기관의 공개키를 이용하여 키복구필드를 생성하는 인캡슐레이션 기술을 사용함으로서 사용자는 자신이 직접 세션키를 제어할 수 있는 장점이 있고 법집행기관도 필요한 경우에 언제나 사용자의 세？키를 복호화할수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.293-302
• /
• 2015

With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.123-131
• /
• 2015

Bright development of information communication is caused by usabilities and another case to our society. That is, the surveillance which is unlimited to electronic equipment is becoming a transfiguration to a possible society, and there is case that was able to lay in another disasters if manage early error. Be what is living on at traps of surveillance through the Smart phones which a door of domicile is built, and the plane western part chaps, and we who live on in these societies are installed to several places, and closed-circuit cameras (CCTV-Closed Circuit Television) and individual use. On one hand, while the asset value which was special of enterprise for marketing to enterprise became while a collection was easily stored development of information communication and individual information, the early body which would collect illegally was increased, and affair actually very occurred related to this. An investigation agency is endeavored to be considered the digital trace that inquiry is happened by commission act to the how small extent which can take aim at a duty successful of the inquiry whether you can detect in this information society in order to look this up. Therefore, procedures to be essential now became while investigating affair that confiscation search regarding employment trace of a computer or the telephone which delinquent used was procedural, and decisive element became that dividing did success or failure of inquiry whether you can collect the act and deed which was these electronic enemy. By the way, at this time a lot of, in the investigation agencies the case which is performed comprehensively blooms attachment while rummaging, and attachment is trend apprehension to infringe discretion own arbitrary information rising. Therefore, a lot of nation is letting you come into being until language called exile 'cyber' while anxiety is exposed about comprehensive confiscation search of the former information which an investigation agency does. Will review whether or not there is to have to set up confiscation search ambit of electronic information at this respect how.

• Korean Security Journal
• /
• no.48
• /
• pp.259-285
• /
• 2016

As the need for anti-terrorism legislation has been continuously argued, Anti-terrorism act has been enacted and enforced. On the other hand, there still remain a lot of points to be discussed regarding the definition of the concept of terrorism, matters of human rights violations, strengthening authority of the investigation and intelligence agencies, and mobilization military forces for the suppression of terrorism. Also, reviewing Anti-terrorism act and its enforcement ordinance draft, this legislation seems to regulate terrorist groups like IS. If so, in the case of terrorism of North Korea or domestic anti-government organizations, whether this law would be applied could become an issue. In the case of terrorism of North Korea, Ministry of National Defense has a right of commandership in the military operations, however, it is also possible to apply the article 4 of Natural Security Act a crime of performing objective-or a crime of foreign exchange on Criminal law as legal grounds for not military terrorisms but general investigations. Therefore, it is necessary to involve consideration about this matter. Furthermore, in the view of investigation, Anti-terrorism act and its enforcement ordinance draft do not mention Supreme Prosecutors Office and Ministry of Justice that conduct investigations. In the case of terrorism, the police and prosecution should conduct to arrest criminals and determine crimes at the investigation stage, however, any explicit article related to this content in Anti-terrorism act and its enforcement ordinance draft was unable to be found. Although Anti-terrorism act is certainly toward preventive aspects, considering some matters such as prevention, actions on the scene, maneuver after terrorism, arresting terrorists, investigation direction, cooperation, and mutual assistance, it is necessary to reflect these contents in Anti-terrorism act. In other words, immediately after terrorists attacks, it is possible to mobilize the military operations by Integrated Defense act in order to arrest them in the case of military terrorism. Nevertheless, because both military terrorism and general one are included in the investigation stage, it needs to begin an investigation under the direction of the prosecution. Therefore, above all, a device for finding out the truth behind the case at the investigation stage is not reflected in the current Anti-terrorism act and its enforcement ordinance draft. Accordingly, if National Intelligence Service approaches information at the prevention level in this situation, it may be necessary to come up with follow-up measures of the police, the prosecution, and military units.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.723-736
• /
• 2022

Steganography is being used as a means of secret communication for crimes that threaten national security such as terrorism and espionage. With the development of computers, steganography technologies develop and criminals produce and use their own programs. However, the research for steganography is not active because detailed information on national security cases is not disclosed. The development of investigation technologies and the responses of criminal law are insufficient. Therefore, in this paper, the detection and decoding process was examined for steganography investigation, and the method was analyzed for 'the spy case of Pastor Kim', who was convicted by the Supreme Court. Multiple security devices were prepared using symmetric steganography using the pre-promised stego key. Furthermore, the three criminal legal issues: (1) the relevance issue, (2) the right to participate, and (3) the public trial issue a countermeasure were considered in national security cases. Through this paper, we hope that the investigative agency will develop analysis techniques for steganography.

• Journal of Intelligence and Information Systems
• /
• v.14 no.2
• /
• pp.179-192
• /
• 2008

This case study shows constructing the knowledge-based system using a rule-based approach for detecting illegal transactions regarding money laundering in the Korea Financial Intelligence Unit (KoFIU). To better manage the explosive increment of low risk suspicious transactions reporting from financial institutions, the adoption of a knowledge-based system in the KoFIU is essential. Also since different types of information from various organizations are converged into the KoFIU, constructing a knowledge-based system for practical use and data management regarding money laundering is definitely required. The success of the financial information system largely depends on how well we can build the knowledge-base for the context. Therefore we designed and constructed the knowledge-based system for anti-money laundering by committing domain experts of each specific financial industry co-worked with a knowledge engineer. The outcome of the knowledge base implementation, measured by the empirical ratio of Suspicious Transaction Reports (STRs) reported to law enforcements, shows that the knowledge-based system is filtering STRs in the primary analysis step efficiently, and so has made great contribution to improve efficiency and effectiveness of the analysis process. It can be said that establishing the foundation of the knowledge base under the entire framework of the knowledge-based system for consideration of knowledge creation and management is indeed valuable.

• Journal of the Korean Society for information Management
• /
• v.38 no.2
• /
• pp.251-276
• /
• 2021

In 2021, the Korean National Police Agency is facing a critical time as it meets a period of drastic changes such as the introduction of autonomous police system, the reform of its criminal investigation system, and its great transformation to a truly responsible investigative agency in keeping with the inauguration of the National Office of Investigation. This study carries out PEST analysis, which is a macro environmental analysis technique, and examines the current situation of operating the libraries of metropolitan-city and provincial police agencies and affiliated institutions, in order to suggest the role and function of the Korean National Police Agency's libraries in the fourth industrial revolution era. Based on the findings, this study classifies the essential components of a library into facilities, books, and librarians, i.e. spatial composition, book composition, and human resources, in addition to library operational governance establishment and future-oriented library services; and proposes the future-oriented roles of the National Police Agency's libraries in the fourth industrial revolution era.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.851-868
• /
• 2012

After the financial crisis in 2008, the financial market still seems to be unstable with expanding the insolvency of the financial companies' real estate project financing loan in the aftermath of the lasted real estate recession. Especially after the illegal actions of people's financial institutions disclosed, while increased the anxiety of economic subjects about financial markets and weighted in the confusion of financial markets, the potential risk for the overall national economy is increasing. Thus as economic recession prolongs, the people's financial institutions having a weak profit structure and financing ability commit illegal acts in a variety of ways in order to conceal insolvent assets. Especially it is hard to find the loans of shareholder and the same borrower sharing credit risk in advance because most of them usually use a third-party's name bank account. Therefore, in order to effectively detect the fraud under other's name, it is necessary to analyze by clustering the borrowers high-related to a particular borrower through an analysis of association between the whole borrowers. In this paper, we introduce Analysis Techniques for detecting financial loan frauds in advance through an analysis of association between the whole borrowers by extending SNA(social network analysis) which is being studied by focused on sociology recently to the forensic accounting field of the financial frauds. Also this technique introduced in this pager will be very useful to regulatory authorities or law enforcement agencies at the field inspection or investigation.