• Korean Security Journal
• /
• no.53
• /
• pp.63-79
• /
• 2017

Defence Security Command is the only military intelligence and investigation agency which is in charge of safeguarding military information and investigating specific crimes such as subversion and disloyalty in military. While the presidential security provided by Defence Security Command, along with Presidential Security Service(PSS) and the police, forms one of three pillars sustaining presidential security, its works and activities have been rarely known to the public due to the military confidentiality. This study looks into some data specialized into the presidential security among works of Defense Security Command by using various resources such as biographies of key people, media reports, and public materials. It reviews the presidential security works in a historical sense that the works have developed and changed in accordance with the historical changes of Defense Security Command, which was rooted in Counter-Intelligence Corps (Teukmubudae in Korean) in 1948 and leads to the present. The study findings are as follows. First, when the Korean War broke out in 1950 and since then the South Korea was under the threat of the North Korean armed forces and left wing forces, Counter-Intelligence Corps(Bangcheopdudae in Korean) took the lead in presidential security more than the police who was in charge of it. Secondly, even after the Presidential Security Office has founded in 1963, the role of the military on presidential security has been extended by changing its titles from Counter-Intelligence Corps to Army Security corps to Armed Forces Security Command. It has developed their provision of presidential security based on the experience at the president Rhee regime when they could successfully guard the president Rhee and the important government members. Third, since the re-establishment into Defence Security Command in 1990, it has added more security services and strengthened its legal basis. With the excellent expertise, it played a pivotal role in the G20 and other state-level events. After the establishment of the Moon Jaeinin government, its function has been reduced or abolished by the National Defense Reform Act. However, the presidential security field has been strengthening by improving security capabilities through reinforcing the organization. This strengthening of the security capacity is not only effective in coping with the current confrontation situation with the hostile North Korean regime, but also is important and necessary in conducting constant monitoring of the military movement and security-threat factors within military during the national security events.

• Korean Security Journal
• /
• no.14
• /
• pp.465-484
• /
• 2007

Our society's modernization created many opportunities for us to need a private investigation service system. Variation of international environment due to joining in the OECD, opportunity of individual legal, collect evidence during judgement, prevention of damage criminal, security of business in company, free trade economy's system etc and don't need to enumerate how important of introduction of private investigation service system. In addition to there are lots of objection opinions, such as possibility of person's private life, invade of lawyer's area, confliction with investigation team, gap of wealth and poverty that make preponderance of information. So this research can be considerate from objective opinion, and can obtain conclusion just like below. First, private detective agencies that encroach on the individual rights will naturally deteriorate after the implementation of private investigation service system. Through this, the probability of civil rights encroachment will be lower, and for this to happen there needs to be a thorough maintenance of the system. Secondly, mutually beneficial solution should be found not by a conflict between two sides. Detective business sector should not cause social confusion from conflicts with other investigation organization such as police, or investigators, rather, it must get on the demand of the diversified citizen and maintain the diverse sector inter-cooperate right, and to do that law and institution must be made for the base. Thirdly, investigation used depending on the gap between wealth and poverty does not mean the actualization of the rights and interests of the citizen. If the duty of investigation sector is to find the evidence and collect or manufacture of the evidence, then the problems which the nation can't handle will be more enlarged and then finally end up with strengthening the capability of national public security demand.

• Journal of Internet of Things and Convergence
• /
• v.9 no.6
• /
• pp.23-28
• /
• 2023

Windows operating system generates various logs with timestamps. Timestamp tampering is an act of anti-forensics in which a suspect manipulates the timestamps of data related to a crime to conceal traces, making it difficult for analysts to reconstruct the situation of the incident. This can delay investigations or lead to the failure of obtaining crucial digital evidence. Therefore, various techniques have been developed to detect timestamp tampering. However, there is a limitation in detection if a suspect is aware of timestamp patterns and manipulates timestamps skillfully or alters system artifacts used in timestamp tampering detection. In this paper, a method is designed to detect changes in timestamps, even if a suspect alters the timestamp of a file on a storage device, it is challenging to do so with precision beyond millisecond order. In the proposed detection method, the first step involves verifying the timestamp of a file suspected of tampering to determine its write time. Subsequently, the confirmed time is compared with the file size recorded within that time, taking into consideration the performance of the storage device. Finally, the total capacity of files written at a specific time is calculated, and this is compared with the maximum input and output performance of the storage device to detect any potential file tampering.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.93-102
• /
• 2020

In order for data obtained through all stages of digital crime investigation to be recognized as evidence capability, it must satisfy legal / technical requirements. In this paper, we propose a mechanism and implement software to provide digital forensic evidence by automatically recovering files by scanning / inspecting the unallocated area inside the storage disk block without relying on information provided by the file system. The proposed technique checks / analyzes the RAW disk data of the system under analysis in 512-byte block units based on information on the storage format / file structure of various files stored on the disk without referring to the file system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we have provided a block based smart carving method to intelligently identify fragmented and damaged files in storage efficiently for forgery analysis on digital forensic investigation.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.349-356
• /
• 2013

As various features of the smartphone have been used, a lot of information have been stored in the smartphone, including the user's personal information. However, a frequent update of the operating system and applications may cause a loss of data and a risk of missing important personal data. Thus, the importance of data backup is significantly increasing. Many users employ the backup feature to store their data securely. However, in the point of forensic view these backup files are considered as important objects for investigation when issued hiding of smartphone or intentional deletion on data of smartphone. Therefore, in this paper we propose a scheme that analyze structure and restore data for Kies backup files of Samsung smartphone which has the highest share of the smartphone in the world. As the experimental results, the suggested scheme shows that the various types of files are analyzed and extracted from those backup files compared to other tools.

• Korean Security Journal
• /
• no.25
• /
• pp.27-61
• /
• 2010

This study looks at plans for the efficient functions of the current terror response system in Korea. The results are derived from by comparing and analyzing American, British, German, Japanese, and Korean terror response systems. It focuses especially on addressing some problems with Korea's terror response system and how to operate it effectively. The study will systematically compare and analyze each nation's terror countermeasure studying organizational, functional, and legal aspects as standards. This study shows that there is not an exclusive terror response center in Korea compared with other nations such as America, the United Kingdom, Germany, and Japan. Also it is difficult to expect effective and vigorous operations due to weak cooperation across the relevant organizations. The presidential directive of the state's anti-terrorism action guidelines is legally ineffective. This means that on legal grounds, it is difficult to take actions to prevent the terrorism. Therefore, keys to counteracting terrorism derived from this study are summarized below. In the first place, an integrated terror response system should be set up for expansion of information sharing which leads to emergence effect. In the second place, the superior legislative systems should be made for the cleardefinition and extent of what the terror is, rigid enforcement of investigation, immigration, and keeping an eye on the funds raised by terrorists and tracking down the terrorists, the plan for eco-terrorism. In the third place, to augment security of vital facilities and peoples' awareness of terrorism safety should be emphasized and a cooperative system between civil and government organizations need to be built. In the fourth place, system for crisis management must be provided in an effort to maximize management system of terrorism and unify a decentralized emergency countermeasures effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.827-839
• /
• 2012

A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners is increasing dramatically. Unlike the feature phone, users can utilize various mobile application in smartphone because it has high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphone are more important in digital forensic purposes, smartphone forensics has been studied actively. There are two way to do smartphone forensics. The first way is to extract user's data using the backup and debugging function of smartphones. The second way is to get root permission, and acquire the image of flash memory. And then, it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, HFS+ and analyze it. However, this methods are not suitable to recovery and analyze deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. Especially, this paper demonstrates analysis techniques on the image that reconstruction of filesystem is impossible because the spare area of flash memory pages does not exist and the pages in unallocated area of filesystem.

• The Korean Journal of Air & Space Law and Policy
• /
• v.21 no.2
• /
• pp.157-179
• /
• 2006

According to the Annex 17 to the Convention on International Civil Aviation, an appropriate authority of each contracting state has to define and allocate tasks and coordinate activities between the departments, agencies and other organizations of the State, airport and aircraft operators and other entities concerned with or responsible for the implementation of various aspects of the national civil aviation security programme. The airport has to take leading role in implementing security tasks at airport area because the airport operator is the provider of airport facilities and services to its customer and the security activities belong to its services. So Republic of Korea Government enact the Law, Aviation Safety and Security. The Purpose of this Act is to prevent any unlawful act in airport facilities with international conventions, including the ICAO to provide for standards, procedures and mandatory matters needed to ensure the safety and security of civil aviation. But the Act has some error. So is this paper to review the revision of aviation security regulation and the changes of aviation security responsibilities and task assignment. There is the term "aviation security personnel", who are charged with the task of preventing any act of disrupting the order and safety in airport. But there is no term "security screening personnel" who performs to detect or search for dangerous object, such as weapons or explosives, which may be used for the unlawful obstruction.

• Korean Security Journal
• /
• no.44
• /
• pp.85-116
• /
• 2015

Found in 23 Dec 1953 to cope with illegal fishing of foreign ships and coastal guard duty, Korea Coast Guard was re-organized as an office under Ministry of Public Safety since the outbreak of sinking of passenger ship "Sewolho". In the course of re-organization, intelligence and investigation duty were transferred to Police Department except "Cases happened on the sea". But the definition of intelligence duty is vague and there are lots of disputes over the jurisdiction and range of activities. With this situation in consideration, the object of this study is to analyse legal and institutional characteristic of KCG Intelligence, to compare them to that of Police Department, foreign agencies like Japan Coast Guard and US Coast Guard, to expose the limit and to suggest solution. To summarize the conclusion, firstly, in the legal side, there is no legal basis on intelligence in [The Government Organization Act], no regulation for mission, weak basis in application act. Secondly, in the institutional side, stated in the minor chapter of [The Government Organization Act], 'the cases happened on sea' is a quite vague definition, while guard, safety, maritime pollution duty falls under 'on the sea' category, intelligence fell to 'Cases happened on the sea' causing coast guard duty and intelligence have different range. In addition, reduced organization and it's manpower led to ineffective intelligence activities. In the case of Police Department, there is definite lines on 'administration concerning public security' in [The Government Organization Act], specified the range of intelligence activities as 'collect, make and distribute information concerning public security' which made the range of main duty and intelligence identical. Japanese and US coast guards also have intelligence branch and performing activities appropriate for the main missions of the organizations. To have superiority in the regional sea, neighboring countries Japan and China are strengthening on maritime power, China has launched new coast guard bureau, Japan has given the coast guard officers to have police authority in the regional islands, and to support the objectives, specialized intelligence is organized and under development. To secure maritime sovereignty and enhance mission capability in maritime safety duty, it is strongly recommended that the KCG intelligence should have concrete legal basis, strengthen the organization and mission, reinforce manpower, and ensure specialized training administrative system.