• Title/Summary/Keyword: Evidence Collection


A Study on Digital Evidence Collection System in Cyberspace (사이버 공간 내 디지털 증거 수집 시스템에 관한 연구)

  • Jeong, Hyojeong;Choi, Jong-hyun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.869-878 / 2018
  • Digital evidence data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without the time delay caused by additional administrative procedures, but collection of large volumes of data is likewise vulnerable to collection delays. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, that enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until submission to the court.

Proposal of AI-based Digital Forensic Evidence Collecting System

  • Jang, Eun-Jin;Shin, Seung-Jung
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.124-129 / 2021
  • As the 4th industrial era is in full swing, the public's interest in related technologies such as artificial intelligence, big data, and blockchain is increasing. As artificial intelligence technology is used in various industrial fields, the need for research methods incorporating artificial intelligence technology in related fields is also increasing. Evidence collection is a very important procedure among digital forensic investigation techniques, since the investigation process needs to prove suspicions about a specific person. However, there may be cases in which evidence is damaged intentionally or for other physical reasons, and there is a limit to the collection of evidence in this situation. Therefore, this paper proposes an artificial intelligence-based evidence collection system that analyzes numerous image files reported by citizens in real time to visually check the location, user information, and shooting time of the image files. When this system is applied, it is expected that the prospective evidence data collected in real time can actually be used as evidence, and that risk area analysis will be possible through big data analysis.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil;Kang, Sungmin;Park, Eunju
    • Journal of Information Technology Applications and Management / v.26 no.5 / pp.13-25 / 2019
  • Recently, as evaluation of information security (IS) management becomes more diverse and complicated, the contents and procedures of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider an evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we present the problems of the existing information security assessment system and the direction for improving it through analysis of the existing information security assessment system. Second, we analyze the technical guidance for information security testing and assessment and the evaluation of information security management in Special Publication 800-115, 'Technical Guide to Information Security Testing and Assessment', of the National Institute of Standards and Technology (NIST). Third, we build a framework to implement the evidence collection system and present a system implementation method for '6. Information System Security' of the 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of enterprises will be improved by constructing an evidence collection system that can gather the evidence collected from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

A Study evidence collection and analysis procedures for smartphone forensic (스마트폰 포렌식을 위한 증거수집 및 분석절차 연구)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.463-466 / 2012
  • With the development of smartphones, smartphones are increasingly being used as evidence of crimes. A phone's internal storage medium can be used as evidence, since it holds images, video, phone records, GPS information, Internet access records and other data. Therefore, a systematic procedure for collecting and analyzing this data as evidence is needed. This paper derives procedures and methods for evidence collection, evidence analysis, and reporting of results in mobile phone forensics. This paper will serve as a basis for phone forensics and investigation.


Assessing the forensic knowledge of 119 emergency medical technicians (119 구급대원의 법의학 지식에 대한 연구)

  • Lee, Hee-Young;Moon, Jun-Dong
    • The Korean Journal of Emergency Medical Services / v.23 no.2 / pp.75-86 / 2019
  • Purpose: It is crucial that 119 emergency medical technicians (EMTs) have adequate knowledge regarding forensic science. This study aimed to assess the forensic knowledge of EMTs in the Republic of Korea. Methods: This study was conducted on EMTs of five fire stations in D metropolitan city between August 6 and August 13, 2018. A questionnaire consisting of items on crime-related incident recognition (i.e., mechanical asphyxiation, trauma, sex crimes, and child abuse) and forensic evidence management (i.e., evidence collection, preservation, and recording) was administered to the participants. Finally, 119 questionnaires were analyzed. Results: The ratio of correct answers for crime-related incident recognition was 55.82%, which was lower than that for forensic evidence management (84.5%). In particular, the scores for the type of neck compression (16.5%) and wound assessment (44.0%) were low. The percentage of correct answers for forensic evidence management was 78.4% for evidence collection, 84.4% for evidence preservation, and 90.6% for evidence recording. Previous forensic education experience was not a significant variable. Conclusion: Specific and practical forensic science education on perception of crime-related incidents, including asphyxia and wound identification, and on forensic evidence collection is needed.

A Study on the Improvement of the Malware Evidence Collection Module Based On Windows (윈도우 기반 악성코드 증거 수집 모듈 개선에 관한 연구)

  • Heo, Geon-Il;Park, Chan-Uk;Park, Won-Hyung;Kuk, Kwang-Ho
    • Convergence Security Journal / v.10 no.3 / pp.61-68 / 2010
  • Recently, malware that leaks personal data, credit information, financial information, etc. has been increasing. Secondary damage, such as the illegal use of stolen names and financial fraud, is also rapidly increasing. But when a system is infected by information-leaking malware, the existing malware evidence collection tools do not provide evidence conveniently or sometimes cannot provide the necessary evidence. So security officials have much difficulty in responding to malware. This paper analyzes the current status and problems of the existing malware evidence collection tools and suggests new ways to address those problems.

A Study on the Design and Implementation of an Digital Evidence Collection Application on Windows based computer (윈도우 환경에서의 증거 수집 시스템 설계 및 구현에 관한 연구)

  • Lee, SeungWon;Roh, YoungSup;Han, Changwoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.57-67 / 2013
  • Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of a virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response, the first responder deals with suspect or crime scene data and needs investigative leads quickly, in accordance with a forensic process methodology that provides for the identification of digital evidence in a systematic way. To support an effective initial response by first responders, this paper analyzes collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM (computer forensics field triage process model), then designs and implements a collection application deployed in a client/server architecture on Windows-based computers.

A study of the preparation And procedures by Smartphone Mobile Forensic evidence collection and analysis (스마트폰 모바일 포렌식 증거 수집 분석을 위한 준비사항 및 절차 연구)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.269-272 / 2011
  • Lawsuits are increasingly involving smartphones, and a lot of smartphone data has recently been presented as evidence in courts of law. Thus, research is needed on forensic procedures for data extraction and evidence collection from illegally used smartphones. This paper proposes a phone forensic procedure for extracting evidence data. It also describes how to ensure the integrity of digital evidence when collecting forensic evidence from smartphones and how to resolve the case under investigation. This study will contribute to the development of smartphone forensics.


Digital Evidence Collection Procedure for Hardware Unique Information Collection (하드웨어 고유 정보 수집에 대한 디지털 증거 수집 절차)

  • Pak, Chan-ung;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.839-845 / 2018
  • As privacy policies are strengthened in response to frequent leaks of personal information, sensitive data is encrypted before it is stored. For this reason, analyzing encrypted data is very important from the viewpoint of digital forensics. Until now, the digital evidence collection procedure has considered only imaging, so hardware-specific information is not collected. If the encryption key is generated from information that is not left in the disk image, the encrypted data cannot be decrypted. Recently, an application that performs encryption using hardware-specific information has appeared. Therefore, this paper studies hardware-specific information that does not remain in file form on the auxiliary storage device and introduces a method for collecting it.

Young Children's Abilities to Differentiate Hypothesis from Evidence (초등학교 저학년 아동들의 증거로부터 가설을 분화하는 능력)

  • Lee, Moon Nam;Chu, Hye Eun
    • Korean Journal of Child Studies / v.22 no.4 / pp.331-341 / 2001
  • This study investigates whether young Korean children understand hypothesis testing. The questions explored are: First, do children have notions of testing a hypothesis, or do they just produce an effect? Second, when choosing between conflicting hypotheses, can children distinguish between experiments that would produce conclusive and inconclusive evidence? For this study, 15 first grade and 15 second grade children in an elementary school located in the Kyunggi area near Seoul participated. Data collection and analysis were based on interviews with the children over two weeks. In the interview, children were presented with two conflicting hypotheses and asked to decide which one is correct using conclusive and inconclusive evidence. The results showed that children (1st: 93.3%, 2nd: 81.3%) of each grade can distinguish between hypothesis and evidence in order to test a hypothesis, and can distinguish between conclusive and inconclusive evidence. In conclusion, most young children understand hypothesis testing based on their familiar experiences, so it was possible for them to differentiate hypothesis from evidence in certain situations.
