• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.489-499
• /
• 2017

MS office is a office software which is widely used in the world. The OOXML format has been applied to the document structure from MS office 2007 to the newest version. In this regard, the method of data concealing, which is a representative anti-forensic act has been researched and developed, so the method of detecting concealed data is very important to the digital forensic investigation. In this paper, we present an improved data concealing method bypassing the previewers detecting methods for OOXML formatted MS office documents. In addition, we show concealment of the internal data like sheets and slides for MS office 2013 Excel and PowerPoint, and suggest an improved detecting algorithm against this data concealing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3943-3957
• /
• 2016

As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.189-191
• /
• 2022

In modern society, messenger services are necessary to communication with others, and criminals are no exception. In representative cases of Burning Sun Gate(2018) and NthRoom(2019), messenger data analysis was used as a smoking gun to solve these criminal cases. Therefore messenger text analytics is critical for the resolution of crimes in a modern environment. also, it takes a lot of time to analyze messenger data in the digital forensic investigation process, so researchers in text mining need to be more effective to respond with the current situation In this paper, we study various natural language preprocessing(NLP) methods according to the characteristics of instant messages to effectively proceed with NLP analysis on instant messengers.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.21-28
• /
• 2021

This study examines factors affecting correction officer's preference toward institute for forensic psychiatric. The data were collected from the correction officers who worked at the six correctional facilities in 2019. Binary logistic regression was used to find the factors on the officer's preference. The result showed that the correction officers had their own preference toward prison for forensic psychiatric, and the preference was positively related to the age of the officer, work experience at the mental health center, mentally-ill prisoner's fighting as the rule-violation in prison, refusal of medical treatment, and lack of laws and regulations for the mentally-ill prisoners. In contrast, there was a negative relationship between the officer's rank and the preference for forensic psychiatric. More work needs to be done in the future research to collect more samples and include a broader ranger of variables than now.

• Journal of radiological science and technology
• /
• v.46 no.4
• /
• pp.315-323
• /
• 2023

Post-mortem computed tomography (PMCT) is commonly employed in the field of forensic pathology. PMCT was mainly performed using a whole-body scan with a wide field of view (FOV), which lead to a decrease in spatial resolution due to the increased pixel size. This study aims to evaluate the potential for developing a super-resolution model based on conditional generative adversarial networks (CGAN) to enhance the image quality of CT. 1761 low-resolution images were obtained using a whole-body scan with a wide FOV of the head phantom, and 341 high-resolution images were obtained using the appropriate FOV for the head phantom. Of the 150 paired images in the total dataset, which were divided into training set (96 paired images) and validation set (54 paired images). Data augmentation was perform to improve the effectiveness of training by implementing rotations and flips. To evaluate the performance of the proposed model, we used the Peak Signal-to-Noise Ratio (PSNR), Structural Similarity Index Measure (SSIM) and Deep Image Structure and Texture Similarity (DISTS). Obtained the PSNR, SSIM, and DISTS values of the entire image and the Medial orbital wall, the zygomatic arch, and the temporal bone, where fractures often occur during head trauma. The proposed method demonstrated improvements in values of PSNR by 13.14%, SSIM by 13.10% and DISTS by 45.45% when compared to low-resolution images. The image quality of the three areas where fractures commonly occur during head trauma has also improved compared to low-resolution images.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.349-356
• /
• 2013

As various features of the smartphone have been used, a lot of information have been stored in the smartphone, including the user's personal information. However, a frequent update of the operating system and applications may cause a loss of data and a risk of missing important personal data. Thus, the importance of data backup is significantly increasing. Many users employ the backup feature to store their data securely. However, in the point of forensic view these backup files are considered as important objects for investigation when issued hiding of smartphone or intentional deletion on data of smartphone. Therefore, in this paper we propose a scheme that analyze structure and restore data for Kies backup files of Samsung smartphone which has the highest share of the smartphone in the world. As the experimental results, the suggested scheme shows that the various types of files are analyzed and extracted from those backup files compared to other tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.143-154
• /
• 2011

SQLite is a small sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery Tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.464-472
• /
• 2017

In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manualsand marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiringan information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in anexternal environment. In this study, in order to solvethese problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found thatdue to the vulnerability of web systems operated in Korea and overseas, important information could be revealed,such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to theincreasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.135-152
• /
• 2016

Because of the evolution of mobile devices such as smartphone, the necessity of mobile forensics is increasing. In spite of this necessity, the mobile forensics does not fully reflect the characteristic of the mobile device. For this reason, this paper analyzes the legal, institutional, and technical considerations for figuring out facing problems of mobile forensics. Trough this analysis, this study discuss the limits of screening seizure on the mobile device. Also, analyzes and verify the mobile forensic data acquisition methods and tools for ensuring the admissibility of mobile forensic evidence in digital investigation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.9
• /
• pp.2055-2062
• /
• 2013

Digital evidence which is the new form of evidence to crime makes little difference in value and function with existing evidences. As time goes on, digital evidence will be the important part of the collection and the admissibility of evidence. Usually a digital forensic investigator has to spend a lot of time in order to find clues related to the investigation among the huge amount of data extracted from one or more potential containers of evidence such as computer systems, storage media and devices. Therefore, these evidences need to be ranked and prioritized based on the importance of potential relevant evidence to decrease the investigate time. In this paper we propose a methodology which prioritizes order in which evidences are to be examined in order to help in selecting the right evidence for investigation. The proposed scheme is based on Fuzzy Multi-Criteria Decision Making, in which uncertain parameters such as evidence investigation duration, value of evidence and relation between evidence, and relation between the case and time are used in the decision process using the aggregation function in fuzzy set theory.