• Title/Summary/Keyword: Computer forensics


Block based Smart Carving System for Forgery Analysis and Fragmented File Identification

  • Lee, Hanseong;Lee, Hyung-Woo
    • Journal of Internet Computing and Services / v.21 no.3 / pp.93-102 / 2020
  • For data obtained through all stages of a digital crime investigation to be recognized as having evidentiary capability, it must satisfy legal and technical requirements. In this paper, we propose a mechanism and implement software that provides digital forensic evidence by automatically recovering files, scanning and inspecting the unallocated area inside the storage disk blocks without relying on information provided by the file system. The proposed technique checks and analyzes the RAW disk data of the system under analysis in 512-byte block units, based on information about the storage format and file structure of the various files stored on the disk, without referring to the file-system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we provide a block-based smart carving method that intelligently and efficiently identifies fragmented and damaged files in storage for forgery analysis in digital forensic investigation.

A Research of Anomaly Detection Method in MS Office Document (MS 오피스 문서 파일 내 비정상 요소 탐지 기법 연구)

  • Cho, Sung Hye;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.87-94 / 2017
  • Microsoft Office is an office suite of applications developed by Microsoft. Recently, users with malicious intent have been customizing Office files as containers for malware, because MS Office is the most commonly used word processing program. To attack a target system, many malicious Office files use a variety of skills and techniques, such as macro functions and hiding shellcode inside unused areas. Two techniques are usually used to detect these kinds of malware: signature-based detection and sandboxing. However, there are limits to what they can achieve because of the increasing complexity of malware. Therefore, this paper proposes methods to detect malicious MS Office files in a computer forensics way. For this purpose, we checked macros and potential problem areas through structural analysis of the MS Office file.

Study on advanced analysis method based on timeline chart for Digital Forensic Investigation (타임라인 분석 기법을 이용한 디지털 증거 분석 방법론)

  • Lee, Keun-Gi;Hwang, Seong-Jin;Lee, Chang-Hoon;Lee, Sang-Jin
    • Journal of Advanced Navigation Technology / v.18 no.1 / pp.50-55 / 2014
  • Recently, the importance of digital forensics has increased, and analysis methods for digital evidence are being used in the analysis of evidence of various types. However, analysis time and effort are steadily increasing because personal disk capacity is very large and disks hold a large number of files. Most digital evidence has time properties, such as access time, creation time, and modification time. This time information is one of the most important factors in the digital forensic area. But if a digital examiner simply analyzes based on the binary source only, it is possible to get a wrong result because time has various types. In this paper, we classify the various types of time in digital evidence and describe an advanced analysis method based on a timeline chart for digital forensic investigation.

A Study of the Back-tracking Techniques against Hacker's Mobile Station on WiBro (WiBro에서 공격 이동단말에 대한 역추적기법 연구)

  • Park, Dea-Woo;Lim, Seung-In
    • Journal of the Korea Society of Computer and Information / v.12 no.3 / pp.185-194 / 2007
  • WiBro has become internationally standardized as IEEE 802.16e. This WiBro service has been started as a portable internet service at home as well as abroad. In this paper, an offending hacker does not attack the damaged system directly, because the hacker places himself at a mobile station of the portable internet WiBro and avoids attacking from the hacker's own system. At this time, a network inspection policy is used for back-tracking the mobile station based on log data. Network log auditing was used, and TCP/IP-based and log-based algorithms were presented: the SWT technique that used the Thumbprint Algorithm, the Timing-based Algorithm, and TCP sequence numbers. This study applies more advanced, faster algorithms to compensate for the large disadvantage of the physical and logical complexity of the configuration of the present Internet network, and confirms an effective back-tracking system. The research results of this paper contribute to realizing a back-tracking technique in the ubiquitous WiBro internet network.


A Study on Real IP Traceback and Forensic Data Generation against Bypass Attack (우회적인 공격에 대한 실제 IP 역추적 실시와 포렌식 자료 생성)

  • Youn, Byung-Sun;Yang, Hae-Sool;Kim, Dong-Jhoon
    • Journal of the Korea Society of Computer and Information / v.13 no.1 / pp.143-151 / 2008
  • This paper executes IP traceback targeting an intruder who uses a bypass attack in order to avoid exposure of their own real IP address. An IP traceback server and agent module are designed and installed in the Internet network system for real IP traceback. Set up detection and chase range aggressive loop around connection arbitrariness, and attack in practice, and generate Real IP data cut off by fatal attacks after data and intrusion detection accessed general IP, and store to DB. Generate the Forensic data which Real IP confirms substance by Whois service, and ensured integrity and the reliability that buy to early legal proof data, and was devoted to of an invader. Present the cyber criminal preventive effect that is dysfunction of Ubiquitous Information Society and an effective Real IP traceback system, and ensure a Forensic data generation basis regarding a judge's robe penalty through this paper study.


Research on the Detection of Image Tampering

  • Kim, Hye-jin
    • Journal of the Korea Society of Computer and Information / v.26 no.12 / pp.111-121 / 2021
  • As the main carrier of information, digital image is becoming more and more important. However, with the popularity of image acquisition equipment and the rapid development of image editing software, in recent years, digital image counterfeiting incidents have emerged one after another, which not only reduces the credibility of images, but also brings great negative impacts to society and individuals. Image copy-paste tampering is one of the most common types of image tampering, which is easy to operate and effective, and is often used to change the semantic information of digital images. In this paper, a method to protect the authenticity and integrity of image content by studying the tamper detection method of image copy and paste was proposed. In view of the excellent learning and analysis ability of deep learning, two tamper detection methods based on deep learning were proposed, which use the traces left by image processing operations to distinguish the tampered area from the original area in the image. A series of experimental results verified the rationality of the theoretical basis, the accuracy of tampering detection, location and classification.

Determinant Whether the Data Fragment in Unallocated Space is Compressed or Not and Decompressing of Compressed Data Fragment (비할당 영역 데이터 파편의 압축 여부 판단과 압축 해제)

  • Park, Bo-Ra;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.4 / pp.175-185 / 2008
  • It is meaningful to investigate data in unallocated space because we can investigate the deleted data. However, the data in unallocated space is fragmented, and in most cases it cannot be read by an application. Especially when the data is compressed or encrypted, it is more difficult to read. If the fragmented data is encrypted and damaged, it is almost impossible to read. If the fragmented data is compressed and damaged, it is very difficult to read, but we can sometimes read and interpret it. Therefore, if the computer forensic investigator wants to investigate data in unallocated space, the formal work of determining whether the data is encrypted or compressed, and of decompressing the damaged compressed data, is needed. In this paper, I suggest a method of analyzing data in unallocated space from the viewpoint of computer forensics.

A Study of Forensic on Eavesdropping from VoIP and Messenger through WiBro Network (WiBro 네트워크에서 메신저, VoIP 도청 및 포렌식 연구)

  • Chun, Woo-Sung;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.14 no.5 / pp.149-156 / 2009
  • Korean WiBro has become an international standard as IEEE 802.16e, and we are carrying out a WiBro network business from the capital region. In this paper, we executed eavesdropping on voice, messenger programs, and VoIP, which frequently happens in WiBro networks. We have a lot in common with Wireshark, which is a packet collector and analyzer, and we execute eavesdropping, and we reproduce the eavesdropped data from packets based on the SIP, H.263, TCP, and UDP protocols. In time of a copy of a packet negative the VoIP which verify time with bases, and was eavesdropped on integrity packet and an X-Lite call record, be matched that a packet is counterfeit forgery did not work, and we demonstrate, and verify integrity. The data which integrity was verified put in a seaming envelope, and we prepare so as it is to a liver of investigator, and execute, and to be able to do use to proof data after seaming in courts in order to utilize as criminal investigation data.

Determination and evaluation of dynamic properties for structures using UAV-based video and computer vision system

  • Rithy Prak;Ji Ho Park;Sanggi Jeong;Arum Jang;Min Jae Park;Thomas H.-K. Kang;Young K. Ju
    • Computers and Concrete / v.31 no.5 / pp.457-468 / 2023
  • Buildings, bridges, and dams are examples of civil infrastructure that play an important role in public life. These structures are prone to structural variations over time as a result of external forces that might disrupt the operation of the structures, cause structural integrity issues, and raise safety concerns for the occupants. Therefore, monitoring the state of a structure, also known as structural health monitoring (SHM), is essential. Owing to the emergence of the fourth industrial revolution, next-generation sensors, such as wireless sensors, UAVs, and video cameras, have recently been utilized to improve the quality and efficiency of building forensics. This study presents a method that uses a target-based system to estimate the dynamic displacement and its corresponding dynamic properties of structures using UAV-based video. A laboratory experiment was performed to verify the tracking technique using a shaking table to excite an SDOF specimen and comparing the results between a laser distance sensor, accelerometer, and fixed camera. Then a field test was conducted to validate the proposed framework. One target marker is placed on the specimen, and another marker is attached to the ground, which serves as a stationary reference to account for the undesired UAV movement. The results from the UAV and stationary camera displayed a root mean square (RMS) error of 2.02% for the displacement, and after post-processing the displacement data using an OMA method, the identified natural frequency and damping ratio showed significant accuracy and similarities. The findings illustrate the capabilities and reliabilities of the methodology using UAV to evaluate the dynamic properties of structures.

Gait-Based Gender Classification Using a Correlation-Based Feature Selection Technique

  • Beom Kwon
    • Journal of the Korea Society of Computer and Information / v.29 no.3 / pp.55-66 / 2024
  • Gender classification techniques have received a lot of attention from researchers because they can be used in various fields such as forensics, surveillance systems, and demographic studies. As previous studies have shown that there are distinctive features between male and female gait, various techniques have been proposed to classify gender from three-dimensional (3-D) gait data. However, some of the gait features extracted from 3-D gait data using existing techniques are similar or redundant to each other or do not help in gender classification. In this study, we propose a method to select features that are useful for gender classification using a correlation-based feature selection technique. To demonstrate the effectiveness of the proposed feature selection technique, we compare the performance of gender classification models before and after applying the proposed feature selection technique using a 3-D gait dataset available on the Internet. Eight machine learning algorithms applicable to binary classification problems were utilized in the experiments. The experimental results show that the proposed feature selection technique can reduce the number of features by 22, from 82 to 60, while maintaining the gender classification performance.