• Title/Summary/Keyword: Forensic Data

Digital Forensic Indicators of Compromise Format(DFIOC) and Its Application (디지털 포렌식 기반의 침해 지표 포맷 개발 및 활용 방안)

  • Lee, Min Wook;Yoon, Jong Seong;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.4 / pp.95-102 / 2016
  • Computer security incidents such as confidential information leaks and data destruction are constantly growing and have become a threat to information in digital devices. To respond to such incidents, digital forensic techniques are also developing to help digital incident investigation. With the development of digital forensic technology, a variety of forensic artifacts have been developed to trace the behavior of users. Also, a diversity of forensic tools has been developed to extract information from forensic artifacts. However, there is an issue that the information from each forensic tool has its own form. To solve this problem, data needs to be processed when it is output from forensic tools. The processed data then needs to be compared and analyzed to identify how the data are related to each other and to interpret the implications. To achieve this, an effective method is needed to store and output data in the course of data processing. This paper proposes DFIOC (Digital Forensic Indicators Of Compromise), which is capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is an XML-based format, provides "Evidence" to represent various forensic artifacts in the incident investigation. Furthermore, it provides "Forensic Analysis" to report forensic analysis results and "Indicator" to investigate the traces of an incident quickly. By logging data into one sheet in DFIOC format during the forensic analysis process, unnecessary data processing can be avoided. Lastly, since collected information is recorded in a normalized format, data input and output become much easier, and it is convenient to use for identifying collected information and analyzing data relationships.

Forensic Analysis Technology of Smart phone backup data via synchronization (동기화 스마트폰 백업 데이터 포렌식 분석 기술)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.287-290 / 2011
  • The synchronization feature on smartphones is enabled by default. When synchronization is set, smartphone data is automatically backed up and stored when the smartphone is connected to a PC with a dedicated cable. It is difficult to analyze the content of the backup data with common techniques, but applying forensic techniques can uncover information on criminal suspects. This paper studies forensic evidence through forensic analysis of synchronized smartphone backup data. In a lab environment, the experiment assumes that a smartphone sending personal financial information has been compromised. Using forensic tools, the smartphone's backup data is analyzed for data associated with crimes involving personal financial information. The paper also studies how to leverage forensic technology so that the evidence will be adopted by the court. This paper will be utilized as a basis for smartphone forensic analysis.

Analysis of anti-forensic trends and research on countermeasures (안티 포렌식 동향 분석 및 대응 방안 연구)

  • Han Hyundong;Cho Young Jun;Cho Jae Yeon;Kim Se On;Han Wan Seop;Choi Yong Jun;Lee Jeong Hun;Kim Min Su
    • Convergence Security Journal / v.23 no.1 / pp.97-107 / 2023
  • With the popularization of digital devices in the era of the 4th industrial revolution and the increase in cyber crimes targeting them, the importance of securing digital data evidence is emerging. However, securing digital data evidence is difficult because of anti-forensic techniques that increase analysis time or make analysis impossible, such as manipulation, deletion, and obfuscation of digital data. Anti-forensics is defined as a series of actions to damage and block evidence in terms of digital forensics, and anti-forensic techniques are classified into data destruction, data encryption, data concealment, and data tampering. Therefore, this study categorizes anti-forensic techniques into data concealment and deletion (obfuscation and encryption), investigates and analyzes recent research trends, and suggests future anti-forensic research directions.

The Awareness and Performance of the Forensic Nursing Role in Emergency Departments (응급실 간호사의 법의간호학적 역할의 인지와 수행정도)

  • Han, Mi-Hyun;Hong, Hae-Sook
    • Journal of Korean Biological Nursing Science / v.14 no.4 / pp.291-299 / 2012
  • Purpose: This study attempted to measure the awareness and performance of the forensic nursing role among emergency department (ED) nurses, to emphasize the presence of forensic nurses in the ED, and to suggest encouraging essential forensic nursing education. Methods: A quantitative descriptive survey using a questionnaire was administered to nurses who had a minimum of 6 months of experience in the ED. This study was conducted at 7 hospitals in the Republic of Korea. Results: A total of 124 nurses were enrolled. As to the awareness of the forensic nursing role, all the core data obtained an average of 3.39 points out of 4 points, and the documentation category had the highest score of 3.57. For the performance of the forensic nursing role, all the core data obtained an average of 2.50 points out of 4 points, and the documentation category had the highest score of 2.91. There is a significant correlation (r=.452, p<.001) between the awareness and performance of the forensic nursing role. Conclusion: Currently, the awareness regarding the forensic nursing role is at a low level. Therefore, the performance of the forensic nursing role has also become low. Consequently, forensic nursing education is essential for ED nurses to preserve evidence accurately.

The Influences of Role Awareness, Experience and Competency on Performance of Forensic Nursing Role among Emergency Department Nurses (응급실 간호사의 법의간호학적 역할인지, 경험, 역량이 법의간호학적 역할수행에 미치는 영향)

  • Ahn, Hye-Kyoung;Sung, Mi-Hae
    • Journal of East-West Nursing Research / v.24 no.1 / pp.10-19 / 2018
  • Purpose: The purpose of this study was to examine factors affecting the performance of the forensic nursing role among emergency department (ED) nurses. Methods: Data collection was conducted on 125 nurses of EDs in 9 medical centers in U metropolitan city from June 20 to July 20, 2016. Data were analyzed by descriptive statistics, t-test, ANOVA, Pearson's correlation coefficients, and stepwise multiple regression using SPSS Win 21.0 program. Results: There were statistically significant differences in the performance of the forensic nursing role according to the types of emergency medical institutions, perception of the forensic nursing and forensic nurse. Performance of the forensic nursing role had positive relationships with the awareness of the forensic nursing role and forensic nursing competency. Factors affecting the performance of forensic nursing role were forensic nursing role awareness, the types of emergency medical institutions and forensic nursing competency. These factors explained 40.8% of the total variance. Conclusion: The results suggest that awareness of the forensic nursing role, forensic nursing competency and the types of emergency medical institutions have influences on the performance of forensic nursing role. Therefore, it is necessary to design interventions suitable for the types of emergency medical institutions for ED nurses to enhance the awareness of forensic nursing role and to reinforce forensic nursing competency.

A study of the preparation And procedures by Smartphone Mobile Forensic evidence collection and analysis (스마트폰 모바일 포렌식 증거 수집 분석을 위한 준비사항 및 절차 연구)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.269-272 / 2011
  • Lawsuits involving smartphones are being filed, and recently a lot of smartphone data is being accepted as evidence in courts of law. Thus, research is needed on forensic procedures for extracting data and collecting evidence from illegally used smartphones. This paper suggests a smartphone forensic procedure for extracting evidence data. It also investigates how to ensure the integrity of digital evidence collected from smartphones and how to solve cases. This study will be able to contribute to the development of smartphone forensics.

Mutation Cases in the Korean Population using 23 Autosomal STR Loci Analysis

  • Kim, Jeongyong;Kim, Hyojeong;Lee, Ja Hyun;Kim, Hyo Sook;Kim, Eungsoo
    • Biomedical Science Letters / v.27 no.2 / pp.105-110 / 2021
  • Short Tandem Repeats (STR) analysis, which is characterized by genetic polymorphism, has been widely used in the forensic genetic fields. Unfortunately, mutations occurring in various STR loci can make it difficult to interpret STR data. Thus, the mutation rate of STR loci plays an important role in data interpretation for human identification and paternity tests. To verify the mutation of the STR loci in the Korean population, 545 trio sets (father, mother, and child) were analyzed with two commercial STR kits that include the 23 autosomal STR loci (D1S1656, TPOX, D2S441, D2S1338, D3S1358, FGA, D5S818, CSF1PO, D7S820, D8S1179, D10S1248, TH01, D12S391, VWA, D13S317, D16S539, D18S51, D19S433, D21S11, D22S1045, SE33, Penta E and Penta D). As a result, 36 mutations were observed in 14 STR loci. The types of mutation were also classified by the increase or decrease of the alleles. The overall mutation rate was 1.4×10⁻³, and the paternal mutation rate was four times higher than the maternal rate. This study will provide more detailed criteria for human identification based on the mutation rate of STR loci in the Korean population.

A Study on Curriculum Design for Educating Digital Forensic Experts (포렌식 전문가의 양성을 위한 교과과정 설계에 관한 연구)

  • Myeonggil Choi
    • Journal of Information Technology Applications and Management / v.30 no.6 / pp.113-142 / 2023
  • As society becomes more digital, the need for digital forensics experts is gradually increasing. It is necessary to establish a training policy that reflects the special characteristics of digital forensics personnel. Although there are fragmented policies for digital forensics-related systems and human resources training in academia, it is urgently necessary to establish a systematic and long-term policy to foster digital forensics experts. This study suggests a digital forensic curriculum based on the importance ranking among forensic subjects. The importance ranking can be decided by forensic experts. This study can be used as policy data to foster diverse talent that can effectively meet the increasing demand for digital forensics talent. The systematic curriculum proposed in this study is a practical curriculum at the undergraduate level and can be suitable for university level

Fuzzy Expert System for Detecting Anti-Forensic Activities (안티 포렌식 행위 탐지를 위한 퍼지 전문가 시스템)

  • Kim, Se-Ryoung;Kim, Huy-Kang
    • Journal of Internet Computing and Services / v.12 no.5 / pp.47-61 / 2011
  • Recently, the importance of digital forensics has been magnified because of the dramatic increase in cyber crimes and the increasing complexity of investigating target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have been improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios which can actually be applied to each layer. Our suggested model, the Anti-Forensic Activities layer-based model, has 5 layers: the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hard to distinguish from normal activities, so we use fuzzy logic to handle ambiguous data. We make rule sets from the commands and arguments extracted from pre-defined scenarios, and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time when performing live forensics.

On the Availability of Anti-Forensic Tools for Android Smartphones (안드로이드 스마트폰을 위한 앤티-포렌식 도구들의 활용성)

  • Moon, Phil-Joo
    • The Journal of the Korea institute of electronic communication sciences / v.8 no.6 / pp.855-861 / 2013
  • Smartphones are very useful in real life thanks to improvements in computing power, faster data rates, and the variety of applications. On the other hand, smartphone use has been exposed to a lot of crime. Also, attempts occur to delete data from smartphone memory using anti-forensic tools. In this paper, we investigate and analyze the anti-forensic tools used on Android smartphones to study the characteristics and techniques of anti-forensic tools. In addition, experiments are performed to validate the availability of anti-forensic tools using the Oxygen Forensic Suite, a commercial forensic tool.