• Title/Summary/Keyword: forensic data


A Study on the Design and Implementation of an Digital Evidence Collection Application on Windows based computer (윈도우 환경에서의 증거 수집 시스템 설계 및 구현에 관한 연구)

  • Lee, SeungWon;Roh, YoungSup;Han, Changwoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.57-67 / 2013
  • Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of a virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response, the first responder deals with suspect or crime scene data from which investigative leads are needed quickly, in accordance with a forensic process methodology that provides for the identification of digital evidence in a systematic way. To support an effective initial response by first responders, this paper analyzes the data to be collected, such as user usage profiles, chronology timeline, and internet data, according to the CFFPM (computer forensics field triage process model), then designs and implements a collection application deployed in a client/server architecture on Windows-based computers.

A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics (디지털 포렌식 관점에서 BIOS 펌웨어 이미지 파일 수집 및 분석에 관한 연구)

  • Jeong, Seung Hoon;Lee, Yun Ho;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.491-498 / 2016
  • Recently, leaks of confidential information and internal data have been steadily increasing through the technique of booting a portable OS, such as Windows PE, stored on a portable storage device (USB, CD/DVD, etc.). This method makes it possible to bypass security software installed on the target PC, such as USB security or media control solutions, and to extract data or insert malicious code by mounting the PC's storage devices after booting the portable OS. This booting method also does not record log files such as traces of removable storage devices. It is therefore difficult to identify whether data has been leaked and to use trace-back techniques. This paper proposes a method to help facilitate a digital forensic investigation or a company audit by collecting and analyzing BIOS firmware images, which record data relating to BIOS settings in flash memory, and finding traces of portable storage devices that can be regarded as abnormal events.

RFID Ubiquitous Public Information Documental Administration System construction and Security research (RFID 유비쿼터스 영구기록물관리시스템 구축과 보안 연구)

  • Jang, Young-Sang;Lee, Sung-Yooung
    • Journal of the Korea Society of Computer and Information / v.14 no.10 / pp.111-121 / 2009
  • Public records of the administrative, legislative and judicial branches are permanent records and need to be managed. Whenever a criminal case occurs, judicial records are frequently lent out as reference material and returned, so the management of permanent records must cover registration of records, history inquiry, lending and return, search of preserved records, and management of records taken out. RFID is one of the recent practical applications of ubiquitous information technology. In this paper, RFID tags are attached to permanent records in order to register and manage the records and track their history, and we analyze the current state of permanent records and design the software, hardware and network layout of a ubiquitous RFID permanent records management system. The permanent records management system is built after a performance experiment and a tracking experiment conducted in the field with 900MHz RFID tags attached. After construction, we establish linkage with connected systems, produce security analysis and forensic data, and analyze the improvement effect. This research is intended to contribute to the application of ubiquitous information technology and the development of forensic technology in national records management.

Research on Advanced Methods for Data Extraction from Corrupted OOXML Files (손상된 OOXML 파일에서의 데이터 추출 고도화 방안 연구)

  • Jiyun Kim;Minsoo Kim;Woobeen Park;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.193-206 / 2024
  • In tandem with the advancements in the digital era, the significance of digital data has escalated, necessitating an increased focus on digital forensics investigations. However, the process of collecting and analyzing digital evidence faces significant challenges, such as the unidentifiability of damaged files due to issues like media corruption and anti-forensic techniques. Moreover, the technological limitations of existing tools hinder the recovery of damaged files, posing difficulties in the evidence collection process. This paper aims to propose solutions for the recovery of corrupted MS Office files commonly used in digital data creation. To achieve this, we analyze the structure of MS Office files in the OOXML format and present a novel approach to overcome the limitations of current recovery tools. Through these efforts, we aim to contribute to enhancing the quality of evidence collection in the field of digital forensics by efficiently recovering and identifying damaged data.

Smart Phone Copyright Violation and Forensic Apply Method (Smart Phone 저작권 위반과 포렌식 적용 방안)

  • Yi, Jeong-Hoon;Park, Dea-Woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.14 no.11 / pp.2491-2496 / 2010
  • With domestic demand for smartphones increasing rapidly, the use of multimedia services has become diverse. Smartphone users illegally use copyrighted multimedia content by hacking their smartphones through jailbreaking and rooting. Because of legal issues under the Korea-U.S. FTA and the high relevance of mobile communication terminals to crime, the digital evidence created and stored on them is highly useful, and research on mobile forensic evidence is required. This paper studies the method and notice of legal search and seizure, assuming a smartphone copyright violation. It surveys the status of smartphone copyright violations and related violations by category, such as broadcasting, movies, music, and e-books, and studies how to submit a report to the court by applying forensic techniques. The results of this research will contribute to the provision of smartphone crime evidence and to mobile forensic technology.

Android Log Cat Systems Research for Privacy (개인정보보호를 위한 안드로이드 로그캣 시스템 연구)

  • Jang, Hae-Sook
    • Journal of the Korea Society of Computer and Information / v.17 no.11 / pp.101-105 / 2012
  • Various social problems arising from violations of personal information and privacy are growing with the rapid spread of smartphones. For this reason, a variety of research and technology development to protect personal information is under way. The smartphone, which contains almost all of a user's personal information, can cause a data spill at any time. Collecting or analyzing evidence is not an easy job with a forensic analysis tool. Android forensics research has focused on techniques to collect and analyze data from non-volatile memory, but research on volatile data is very slight. The Android log is non-volatile data that can be collected by volatile storage. It is sufficient as material for tracking the usage of an Android phone because all recent operation records, from system to application, are stored. In this paper, we propose a method to respond by determining whether personal information has been leaked, by filtering logs without forensic analysis tools.

A Modeling of Forensics for Mobile IP Spoofing Prevention (모바일 IP 스푸핑 방지를 위한 포렌식 설계)

  • Park, Sun-Hee;Yang, Dong-Il;Jin, Kwang-Youn;Choi, Hyung-Jin
    • Journal of Advanced Navigation Technology / v.16 no.2 / pp.307-317 / 2012
  • The rapid development of IT and mobile communications has brought about many kinds of digital devices, as well as advances in mobile technology. However, attacks (viruses, hacking, IP spoofing, etc.) have also grown increasingly persistent in every area, including public security. Because visual data is easy to copy, delete and move, attesting to the integrity of forensic evidence is crucial, as is data transmission security. This paper presents a framework model using a digital forensics method and the results of its performance evaluation for mobile security. The results show that the integrity of the visual data can be obtained with high security, and we propose a way to prevent Mobile IP spoofing attacks using our hashing data.

An Effective Control Method for Improving Integrity of Mobile Phone Forensics (모바일 포렌식의 무결성 보장을 위한 효과적인 통제방법)

  • Kim, Dong-Guk;Jang, Seong-Yong;Lee, Won-Young;Kim, Yong-Ho;Park, Chang-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.151-166 / 2009
  • To prove the integrity of digital evidence in the investigation procedure, data that uses the MD5 (Message Digest 5) hash-function algorithm has to be discarded if its integrity was damaged during the investigation. Even though restoring evidence from deleted areas is essential for securing proof regarding a main phase of a case, it has been difficult to secure decisive evidence because the evidence data is damaged owing to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes a novel model for the mobile forensic procedure, named "E-Finder (Evidence Finder)", to solve the existing problem. E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST (National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of an investigation methodology for mobile forensics.

Extraction of Smoking in Elevator Using Average Intensity Measure (평균 명암 측정을 통한 엘리베이터 내의 흡연 추출)

  • Shin, Seong-Yoon;Kim, Hee-Ae;Jang, Dai-Hyun;Lee, Hyun-Chang;Rhee, Yang-Won
    • Proceedings of the Korean Society of Computer Information Conference / 2013.07a / pp.111-113 / 2013
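  • Inside elevators, socially harmful behavior such as smoking or drinking is prohibited. Smoking in an elevator goes against common decency and can be very harmful to our growing children and to women. The purpose of this paper is to extract people who smoke in an elevator so that the result can be submitted as forensic evidence. The method is to extract people who hold a white stick in their mouth or who exhale smoke. Extraction is performed with the average intensity measure method used in scene change detection.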


Mapping System of XML-based Intellectual Property Rights for Forensic Computing (포렌식 컴퓨팅을 위한 XML 기반 지적 재산권 매핑 시스템)

  • Hwang, Chul;Noh, Heung-Sik;Hwang, Dae-Joon
    • Proceedings of the Korean Information Science Society Conference / 2001.10a / pp.655-657 / 2001
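  • Much research on forensic computing has been carried out since 1984, and research in this field has focused mainly on evidence capture using chemical and physical methods on disks. Recent approaches in forensic software engineering direct their research at error detection in algorithms. However, research on applying intellectual property law while content is being used online is lacking. In this study, we aim to implement a system that builds an XML tree based on intellectual property rights, parses it to construct an RDB, and then queries it to perform mapping. The input data is the illegal copy/evidence profile detected by monitoring users in the DRM (Digital Rights Management) system we developed previously. Before a legal expert is consulted, this system advises users, agents/counsel, attorneys, judges and others on which article and paragraph of intellectual property law applies if the content being used violates the law.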
