• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.655-657
• /
• 2001

포렌식 컴뷰팅에 관하여 1984년부터 많은 연구가 진행되어 왔으며, 이 분야 연구는 주로 디스크에 관한 화학적, 물리적 방법을 이용한 증거 추출(Evidence Capture)에 중점을 두어 왔다. 최근 forensic software engineering 분야의 접근은 알고리즘의 error detection에 연구방향을 두고 있다. 그러나 지적 재산권 법을 온라인 상에서 컨텐츠를 이용하는 가운데 적용 시키는 연구는 미비하다. 본 연구에서는 지적 재산권을 이용한 XML tree를 만들고, parsing하여 RDB를 구축한 후 질의 (query)하여 매핑(mapping)시키는 시스템을 구현 하고자 한다. 입력자료는 우리가 기존에 개발한 DRM(Digital Rights Management)시스템에서 사용자를 모니터링하여 검출한 불법 복사/증거 프로 파일로 한다. 이것은 법 전문가에 의뢰하기 전에, 사용되는 컨텐츠가 법에 위배 된다면 지적재산권 법 몇조 몇항에 해당되는지를 사용자, 대리인/변호인, attorney, judge 등에게 컨설팅 해주는 시스템이다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.267-268
• /
• 2022

디지털 기기의 발전에 따라 우리에게 이로운 효과를 주고 있으나 음지에서는 디지털 성범죄의 피해자가 속출하고 있는 실정이다. 사회적으로 지속해서 대두되고 있는 디지털 성범죄는 그 피해사례가 연간 약 2배 증가하고 있으며, 전체 아동·청소년 성범죄 사례 중 디지털 성범죄가 차지하는 비율은 2018년 6.5%에서 2019년 13.9%로 2.13배 증가하였다. 본 논문에서는 디지털 성범죄의 사회적 인식을 각인시키며 국내외 성범죄 피해사례와 관련 디지털 포렌식 고도 기술 연구에 관한 내용을 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.263-266
• /
• 2022

최근 프로세서 제조공정의 급속한 발전으로 프로세서의 종류에 상관없이 같은 운영체제를 설치 할 수 있게 되었다. 하지만 근본적으로 프로세서의 종류에 따라 차이점이 있고, 동작방식이 다르기 때문에 포렌식 할 경우 같은 운영체제라도 다른 결과가 나올 수 있다. 본 논문은 디지털포렌식을 이용하여 CISC 프로세서의 Windows 운영체제와 RISC 프로세서의 Windows운영체제를 비교하고, 프로세서 방식에 따른 차이점을 통해 후속 연구 방향을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.149-162
• /
• 2004

Until now the study of computer forensics has been focused only system forensics which carried on keeping, processing and collecting the remained evidence on computer. Recently the trend of forensic study is proceeding about the network forensics which analyze the collected information in entire networks instead of analyzing the evidence on a victim computer. In particular network forensics is more important in Automated Computer Emergency Response System because the system deals with the intrusion evidence of entire networks. In this paper we defined the information of network forensics that have to be collected in Automated Computer Emergency Response System and verified the defined information by comparing with the collected information in experimental environments.

• KSCI Review
• /
• v.15 no.1
• /
• pp.37-46
• /
• 2007

Lately, is trend that diffusion of Mobile information appliance that do various function by development of IT technology is increasing much. There is function that do more convenient and efficient life and business using portable phone that is Daepyo?? of Mobile information appliance, but dysfunction that is utilized by Beopjoe of pointed end engineering data leakage, individual's privacy infringement, threat and threat etc. relationship means to use Mobile Phone is appeared and problems were appeared much. However, legal research of statute unpreparedness and so on need research and effort to prove delete, copy, integrity of digital evidence that transfer secures special quality of easy digital evidence to objective evidence in investigation vantage Point is lacking about crime who use this portable phone. It is known that this digital Forensic field is Mobile Forensic. Is purposeful to verify actually about acquisition way of digital evidence that can happen in this treatise through portable phone that is Mobile Forensic's representative standing and present way to prove integrity of digital evidence using Hash Function.

• Journal of Advanced Navigation Technology
• /
• v.15 no.5
• /
• pp.887-892
• /
• 2011

Recently iPad has been released, so users interest in new portable device is increasing. As markets grow, experts are forecasting a increase of investigation about tablet PC. However iPad forensics is very difficult using existing smart phone forensic softwares. especially, those softwares can't analyze korean mobile application. This paper describes collecting/analyzing technique for iPad.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.12 no.1
• /
• pp.53-59
• /
• 2012

As the Privacy Act is in force in Korea, the subject of protection responsibility is increased, and continuous efforts are made to protect privacy in overseas countries, as can be seen by standard drafts related to privacy protection. However, the reality is that a formal privacy manual or guidelines are insufficient to help cope with the rapid changes and privacy leak caused by TGIF(Twitter-Google-iPhone-Facebook) these days, and practical effects cannot be expected, even though measures are taken. This paper propose a standard format for satisfying the ISO/IEC 29101 "Privacy Reference Architecture" and shows an implementation example for equipping with forensic readiness capturing indications of the incident rapidly and coming up with an effective counter measure when privacy information is disclosed.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.31-40
• /
• 2016

In this paper, we propose a new anti-forensic method for hiding data in the timestamp of a file in the Windows NTFS filesystem. The main idea of the proposed method is to utilize the 16 least significant bits of the 64 bits in the timestamps. The 64-bit timestamp format represents a number of 100-nanosecond intervals, which are small enough to appear in less than a second, and are not commonly displayed with full precision in the Windows Explorer window or the file browsers of forensic tools. This allows them to be manipulated for other purposes. Every file has $STANDARD_INFORMATION and $FILE_NAME attributes, and each attribute has four timestamps respectively, so we can use 16 bytes to hide data. Without any changes in an original timestamp of "year-month-day hour:min:sec" format, we intentionally put manipulated data into the 16 least significant bits, making the existence of the hidden data in the timestamps difficult to uncover or detect. We demonstrated the applicability and feasibility of the proposed method with a test case.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1169-1172
• /
• 2005

컴퓨터 포렌식절차에서 증거물 획득은 중요한 부분이다. 컴퓨터 포렌식의 여러 원칙 중 신속성의 원칙은 휘발성 정보의 획득유무와 관계가 있다. 기존 통합보안관리시스템(ESM: Enterprise Security Management) 은 보안이벤트중심으로 정보를 수집한다. 컴퓨터 포렌식에서 중요한 휘발성 시스템 포렌식 정보와 네트웍 포렌식 정보는 수집하지 않는다. 본 논문에서는 통합보안관리시스템에 Pre-Forensic 정책을 도입하여 기존 보안경보기능에 포렌식 데이터 수집 대응방안을 추가한 새로운 통합 보안관리시스템 모델을 제안한다. 제안 시스템은 무결성이 보장되는 많은 증거를 수집할 수 있으며 향상된 컴퓨터 포렌식 증거물 획득 방법을 제시한다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.4
• /
• pp.327-337
• /
• 2015

This work provides new forensic techinque to a hide message on a directory index in Windows NTFS file system. Behavior characteristics of B-tree, which is apoted to manage an index entry, is utilized for hiding message in slack space of an index record. For hidden message not to be exposured, we use a disguised file in order not to be left in a file name attribute of a MFT entry. To understand of key idea of the proposed technique, we describe B-tree indexing method and the proposed of this work. We show the proposed technique is practical for anti-forensic usage with a real message hiding case using a developed software tool.