• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.2
• /
• pp.323-331
• /
• 2013

There are three ways how to extract forensic evidence from mobile phone, such as SYN, JTAG, Revolving. However, it should be a different way to extract forensic evidence due to the differences of their usage and technology between them(mobile phone and smart phone). Therefore, in this paper, I will come up with extraction method that forensics evidence by search and seizure of a smart phone. This study aims to analyze specifications and O.S., backup analysis, evidence in smart to analyze for search and seizure of a smart phone commonly used google android and windows mobile smart phone. This study also aim to extract forensics evidence related to google android and phone book, SMS, photos, video of window mobile smart phone to make legal evidence and forensics report. It is expected that this study on smart phone forensics technology will contribute to developing mobile forensics technology.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.1
• /
• pp.95-102
• /
• 2015

Smartphone is very useful for use in the real world, but it has been exposed to a lot of crime by smartphone. Also, it occurs attempting to delete a data of smartphone memory by anti-forensic tools. In this paper, we implement an anti-forensic tool used in the Android. In addition, tests to validate the availability of the anti-forensic tool by the Oxygen Forensic Suite that is a commercial forensic tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1057-1067
• /
• 2013

The market share of smartphones has been increasing more and more at the recent mobile market and smart devices and applications that are based on a variety of operating systems has been released. Given this reality, the importance of smart devices analysis is coming to the fore and the most important thing is to minimize data corruption when extracting data from the device in order to analyze user behavior. In this paper, we compare and analyze the area-specific changes that are the file system of collected image after obtaining root privileges on the Android OS and iOS based devices, and then propose the most efficient method to obtain root privileges.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.417-429
• /
• 2013

A lot of OS(Operating Systems) such as Linux and Android selected Ext4 as the official file system. Therefore, a recovery of deleted file from Ext4 is becoming a pending issue. In this paper, we suggest how to recover the deleted file by analyzing the entire structure of Ext4 file system, the study of metadata area, the distinct feature when file is assigned and deleted. Particularly, we focus on studying the features of file which is assigned in Ext4 file system in Android OS and also suggest the method to recover the deleted file that is fragmented from the un-allocated area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.345-352
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.167-175
• /
• 2011

As recent emergence of smart phones, mobile services are growing in various forms. Many companies released smart phones of various operating systems such as Window Mobile, Android and iOS. Currently, most popular smart phone operating systems are Android and iOS. Due to the various features of these smart phone, they can be employed to various crimes. From the point of view of digital forensics, this paper analyzes the evidence data which needs to be collected in the smart phone, and implements the evidence analysis tool. By using this tool, it can reduce the time and effort for collecting and analyzing the evidence of the smart phone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.407-416
• /
• 2018

Instagram is a Social Network Service(SNS) that has recently become popular among people of all ages and it makes people to construct social relations and share hobbies, daily routines, and useful information. However, since the uploaded information can be accessed by arbitrary users and it is easily shared with others, frauds, stalking, misrepresentation, impersonation, an infringement of copyright and malware distribution are reported. For this reason, it is necessary to analyze Instagram from a view of digital forensics but the research involved is very insufficient. So in this paper, We performed reverse engineering and dynamic analysis of Instagram from a view of digital forensics in the Android environment. As a result, we checked three database files that contain user behavior analysis data such as chat content, chat targets, posted photos, and cookie information. And we found the path to save 4 files and the xml file to save various data. Also we propose ways to use the above results in digital forensics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.285-294
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.6
• /
• pp.143-151
• /
• 2014

Recently, as smartphones are widespread, a variety of user's information is created and managed in smartphones. Especially the location information can show the user's position at a specific time and the user's area of interest, which could be very useful during criminal investigation. Although the location information plays an important role in solving the crimes such as serial murder, rape and arson cases, there is a lack of research on location information for digital forensics. In this paper, we analyze the location information from logs, images, and applications on android, and we suggest the integrated model for analyzing location information. The proposed model may be useful in criminal investigation by improving the efficiency of data analysis and providing information about a criminal case.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.39-54
• /
• 2018

Recently, discussions for the eradication of illegal shooting have been carried out in a socially-oriented way. The government has established comprehensive measures to eradicate cyber sexual violence crimes such as illegal shooting. Although the social interest in illegal shooting has increased, the illegal film shooting case is evolving more and more due to the development of information and communication technology. Applications that can hide confused videos are constantly circulating around the market and community sites. As a result, field investigators and professional analysts are experiencing difficulties in collecting and analyzing evidence. In this paper, we propose an evidence collection and analysis framework for illegal shooting cases in order to give practical help to illegal shooting investigation. We also proposed a system that can detect hidden applications, which is one of the main obstacles in evidence collection and analysis. We developed a detection tool to evaluate the effectiveness of the proposed system and confirmed the feasibility and scalability of the system through experiments using commercially available concealed apps.