• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.25-30
• /
• 2017

The influence of the data deletion method which is one of anti-forensic techniques is substantial in terms of forensic analysis compared to its simplicity of the act. In academic world, recovery techniques on deleted files have been continuously studied in response to the data deletion method and representatively, the file system-based file recovery technique and file format based recovery technique exist. If there's metadata of deleted file in file system, the file can be easily recovered by using it, but if there's no metadata, the file is recovered by using the signature-based carving technique or the file format based recovery technique has to be applied. At this time, in the file format based recovery technique, the file structure analysis and possible recovery technique should be provided. This paper proposes the page recovery technique on deleted PDF file based on the structural characteristics of PDF file. This technique uses the tag value of page object which constitutes one page of PDF file. Object is extracted by utilizing each tag value as a kind of signature and by analyzing extracted object, the metadata of PDF file is recombined and then it's reconfigured page by page. Recovering by page means that even if deleted PDF file is damaged, even some pages consisting of PDF file can be recovered. Generally, if the file system based file is not recoverable, deleted file is recovered by applying the signature based carving technique. The technique which we proposed in this paper can recover PDF files that are damaged. In the digital forensic perspective, it can be utilized to recover more data than previously.

• The KIPS Transactions:PartC
• /
• v.17C no.5
• /
• pp.391-398
• /
• 2010

Most of digital forensics tools focus on file analysis of allocated area on storage. So, there is a lack of recovery methods for deleted files by suspects or previously used files. To efficiently analyze deleted files, digital forensic tools depend on data recovery tools. These process not appropriate for quick and efficient responses the incident or integrity preservation. This paper suggests the framework for data recovery and analysis tools from digital forensics point of view and presents implementation results.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.2
• /
• pp.93-102
• /
• 2013

These days digital data have become essential for digital investigation because most of the crime was occurred by using the digital devices. However, digital data is very easier to falsify or delete. If digital data was deleted, it is necessary to recover the deleted data for obtain digital evidence. Even though file carving is the most important thing to gather. digital evidence in digital forensic investigation, most of popular carving tools don't contemplate methods of selection or restoration for digital forensic investigation. The goal of this research is suggested files which can obtain useful information for digital forensic investigation and proposed new record file carving technique to be able to recover data effectively than before it.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.12
• /
• pp.487-496
• /
• 2017

In MySQL InnoDB, there are two ways of storing data. One is to create a separate tablespace for each table and store it separately. Another is to store all table and index information in a single system tablespace. You can use this information to recover deleted data from the record. However, in most of the current database forensic studies, the former is actively researched and its structure is analyzed, whereas the latter is not enough to be used for forensics. Both approaches must be analyzed in terms of database forensics because their storage structures are different from each other. In this paper, we propose a method for recovering deleted records in a method of storing records in IBDATA file, which is a single system tablespace. First, we analyze the IBDATA file to reveal its structure. And introduce delete record recovery algorithm which extended to an unallocated page area which was not considered in the past. In addition, we show that the recovery rate is improved up to 68% compared with the existing method through verification using real data by implementing the algorithm as a tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.397-403
• /
• 2020

With the convenience of real-time conversation, multimedia file and contact sharing services, most people use instant messenger, and its usage time is increasing. Because the messengers contain a lot of user behavior information data, in the digital forensic investigation, they can be very useful evidence to identify user behavior. However, some of useful data can be difficult to acquire or recognize because they are encrypted or deleted. Thus, in order to use the messenger data as evidence, the study of message decryption process and message recovery is essential. In this paper, we analyze the database encryption process of the instant messenger, MalangMalang Talkafe, and propose the method to decrypt it. In addition, we propose the methods to identify the deleted messages and recover from the volatile memory area.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.8
• /
• pp.85-93
• /
• 2018

In this research, it is proposed that a method to hide data by modifying directory index entry information. It consists of two methods: a directory list hiding and a file contents hiding. The directory list hiding method is to avoid the list of files from appearing in the file explorer window or the command prompt window. By modifying the file names of several index entries to make them duplicated, if the duplicated files are deleted, then the only the original file is deleted, but the modified files are retained in the MFT entry intact. So, the fact that these files are hidden is not exposed. The file contents hiding is to allocate data to be hidden on an empty index record page that is not used. If many files are made in the directory, several 4KB index records are allocated. NTFS leaves the empty index records unchanged after deleting the files. By modifying the run-list of the index record with the cluster number of the file-to-hide, the contents of the file-to-hide are hidden in the index record. By applying the proposed method to the case of hiding two files, the file lists are not exposed in the file explorer and the command prompt window, and the contents of the file-to-hide are hidden in the empty index record. It is proved that the proposed method has effectiveness and validity.

• Proceedings of the Ginseng society Conference
• /
• 2006.05a
• /
• pp.40-51
• /
• 2006

To investigate the association between Korean red ginseng (KRG) intake in HIV-1 infected patients and occurrence of grossly deleted nef genes ($g{\Delta}nef$), we characterized nef genes in 10 long-term slow progressors (LTSP) infected with HIV-1 subtype B and 34 control patients. LTSP was defined whose the annual decrease in CD4 T cells was less than $20/{\mu}l$ over 10 years in the absence of antiretroviral therapy. They were treated with KRG for a prolonged period. Nef genes were amplified from peripheral blood mononuclear cells (PBMC) using nested PCR and products were sequenced directly. Patient CD4 T cell counts decreased from $444{\pm}207/{\mu}l$ to $294{\pm}177/{\mu}l$ over $136{\pm}23$ months of KRG intake. This corresponds to an annual decrease in the level of CD4 T cells of $13.3/{\mu}l$. A total of 479 nef genes were amplified from 137 PBMC samples. Nine out of the 10 patients, 47 (34.3%) out of the 137 samples, and 92 out of the 479 genes revealed $g{\Delta}nef$. The deletion extended outside the nef gene in 25 $g{\Delta}nef$ obtained from 6 patients. The proportion of samples with $g{\Delta}nef$ (34.3%) was significantly higher than 4.8% in control patients (P<0.001). In addition, it significantly increased as the duration of KRG intake prolongs (P<0.01). These data suggest the possibility that occurrence of $g{\Delta}nef$ might be associated with long-term intake of KRG.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.835-843
• /
• 2023

Given the structure of XML data, path and tree pattern matching algorithms play an important role in XML query processing. To facilitate decisions or relationships between nodes, nodes in an XML tree are typically labeled in a way that can quickly establish an ancestor-descendant on relationship between two nodes. However, these techniques have the disadvantage of re-labeling existing nodes or recalculating certain values if insertion occurs due to sequential updates. Therefore, in current labeling techniques, the cost of updating labels is very high. In this paper, we propose a new labeling technique called Fast XML encoding, which supports the update of order-sensitive XML documents without re-labeling or recalculation. It also controls the length of the label by reusing deleted labels at the same location in the XML tree. The proposed reuse algorithm can reduce the length of the label when all deleted labels are inserted in the same location. The proposed technique in the experimental results can efficiently handle order-sensitive queries and updates.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.59-66
• /
• 2017

MySQL database is the second place in the market share of the current database. Especially InnoDB storage engine has been used in the default storage engine from the version of MySQL5.5. And many companies are using the MySQL database with InnoDB storage engine. Study on the structural features and the log of the InnoDB storage engine in the field of digital forensics has been steadily underway, but for how to restore on a record-by-record basis for the deleted data, has not been studied. In the process of digital forensic investigation, database administrators damaged evidence for the purpose of destruction of evidence. For this reason, it is important in the process of forensic investigation to recover deleted record in database. In this paper, We proposed the method of recovering deleted data on a record-by-record in database by analyzing the structure of MySQL InnoDB storage engine. And we prove this method by tools. This method can be prevented by database anti forensic, and used to recover deleted data when incident which is related with MySQL InnoDB database is occurred.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 1991.04a
• /
• pp.334-340
• /
• 1991

The information with regard to the working rance of lathe, cutting tool, cutting condition is managed as detabase system for turning operation. Date with regard to the working range of lathe, cutting tool, cutting condition are stroed by the DBMS(Data Base Management System) and can be added, modified, deleted and retrieved. Data stored in database system are searched to select the most proper cutting tool and cutting condition with the input data fed from the design stage. The system developed in this work is operated by the pull down menu on the IBM PC/AT personal computer, or compatible series.