• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.827-839
• /
• 2012

A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners is increasing dramatically. Unlike the feature phone, users can utilize various mobile application in smartphone because it has high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphone are more important in digital forensic purposes, smartphone forensics has been studied actively. There are two way to do smartphone forensics. The first way is to extract user's data using the backup and debugging function of smartphones. The second way is to get root permission, and acquire the image of flash memory. And then, it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, HFS+ and analyze it. However, this methods are not suitable to recovery and analyze deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. Especially, this paper demonstrates analysis techniques on the image that reconstruction of filesystem is impossible because the spare area of flash memory pages does not exist and the pages in unallocated area of filesystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.885-894
• /
• 2016

As smartphones become more common, anybody can take pictures and record videos easily nowadays. Video files taken from smartphones can be used as important clues and evidence. While you analyze video files taken from smartphones, there are some occasions where you need to prove that a video file was recorded by a specific smartphone. To do this, you can utilize various fingerprint techniques mentioned in existing research. But you might face the situation where you have to strengthen the result of fingerprinting or fingerprint technique can't be used. Therefore forensic investigation of the smartphone must be done before fingerprinting and the database of metadata of video files should be established. The artifacts in a smartphone after video recording and the database mentioned above are discussed in this paper.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.185-194
• /
• 2007

WiBro has become intentionally standardize as IEEE 802.16e. This WiBro service has been started by a portable internet at home as well as abroad. In this paper, an offender hacker do not direct attack on system on system that It marched an attack directly in damage system because a place oneself in mobile station of portable internet WiBro and avoid to attack hacker's system. At this time, a mobile make use of network inspection policy for back-tracking based on log data. Used network log audit, and presented TCP/IP bases at log bases as used algorithm, the SWT technique that used Thumbprint Algorithm. Timing based Algorithm, TCP Sequence number. Study of this paper applies algorithm to have been progressed more that have a speed to be fast so that is physical logical complexity of configuration of present Internet network supplements a large disadvantage, and confirm an effective back-tracking system. result of research of this paper contribute to realize a back-tracking technique in ubiquitous in WiBro internet network.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.1
• /
• pp.27-34
• /
• 2021

In this paper, we propose a copyright protection scheme for real-time streaming of HEVC(High Efficiency Video Coding) based realistic content. Previous research uses encryption and modular operation for copyright pre-protection and copyright post-protection, which causes delays in ultra high resolution video. The proposed scheme maximizes parallelism by using thread pool based DRM(Digital Rights Management) packaging with only HEVC's CABAC(Context Adaptive Binary Arithmetic Coding) codec and GPU based high-speed bit operation(XOR), thus enabling real-time copyright protection. As a result of comparing this scheme with previous research at three resolutions, PSNR showed an average of 8 times higher performance, and the process speed showed an average of 18 times difference. In addition, as a result of comparing the robustness of the forensic mark, the filter and noise attack, which showed the largest and smallest difference, with a 27-fold difference in recompression attacks, showed an 8-fold difference.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.349-356
• /
• 2013

As various features of the smartphone have been used, a lot of information have been stored in the smartphone, including the user's personal information. However, a frequent update of the operating system and applications may cause a loss of data and a risk of missing important personal data. Thus, the importance of data backup is significantly increasing. Many users employ the backup feature to store their data securely. However, in the point of forensic view these backup files are considered as important objects for investigation when issued hiding of smartphone or intentional deletion on data of smartphone. Therefore, in this paper we propose a scheme that analyze structure and restore data for Kies backup files of Samsung smartphone which has the highest share of the smartphone in the world. As the experimental results, the suggested scheme shows that the various types of files are analyzed and extracted from those backup files compared to other tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.417-429
• /
• 2013

A lot of OS(Operating Systems) such as Linux and Android selected Ext4 as the official file system. Therefore, a recovery of deleted file from Ext4 is becoming a pending issue. In this paper, we suggest how to recover the deleted file by analyzing the entire structure of Ext4 file system, the study of metadata area, the distinct feature when file is assigned and deleted. Particularly, we focus on studying the features of file which is assigned in Ext4 file system in Android OS and also suggest the method to recover the deleted file that is fragmented from the un-allocated area.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.555-562
• /
• 2009

In malware accident investigation, the most important thing is detection of malicious code. Signature based anti-virus softwares have been used in most of the accident. Malware can easily avoid signature based detection by using packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature based detection and entropy based detection. Signature based detection can not detect new packing. And entropy based detection has a problem with false positive. We provides detection method using entropy statistics of entry point section and 'write' properties of essential characteristic of packed file. And then, we show packing detection tool and evaluate its performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.69-79
• /
• 2015

This research proposes a modified data hiding method to hide data in a slack space of an NTFS index record. The existing data hiding method is for anti-forensics, which uses traces of file names of an index entry in an index record when files are deleted in a direcotry. The proposed method in this paper modifies the existing method to make non-admittable ASCII characters for a file name applicable. By improving the existing method, problems of a file creation error due to non-admittable characters are remedied; including the non-admittable 9 characters (i. e. slash /, colon :, greater than >, less than <, question mark ?, back slash ${\backslash}$, vertical bar |, semi-colon ;, esterisk * ), reserved file names(i. e. CON, PRN, AUX, NUL, COM1~COM9, LPT1~LPT9) and two non-admittable characters for an ending character of the file name(i. e. space and dot). Two results of the two message with non-admittable ASCII characters by keyboard inputs show the applicability of the proposed method.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.95-100
• /
• 2012

In this paper, we see the means for the assault, the type of unlawful exercise of power. Also, we see the violence, the physical exercise accompanying with assault. Now, it has caused numerous crimes in elevators. This paper is to present a way to extract the violence and assault that occurred in elevators. Key frame was extract by color histogram method, one of the ways to scene change detection techniques. Extracted key frames are key frames of a scene containing a forensic crime scene video. Also, the key frames of the scene should be submitted to the forensic evidence.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.265-268
• /
• 2010

Current Traceback is difficult due to the development of bypass technique Proxy and IP-driven to trace the real IP Source IP is the IP traceback after the actual verification is difficult. In this paper, an intelligent about SQL Query field, column, table elements such as analysis of the value and the matching key values and Data used here to analyze source user hit point values for the user to trace the Application Layer IP for the analysis of forensic evidence guided by In this study, including forensic DB security will contribute to the development of electronic trading.