• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1171-1179
• /
• 2021

Image forensic is performed to check image limpidness. In this paper, a robust scheme is discussed to detect median filtering in low quality images. Detection of median filtering assists in overall image forensic. Improved spatial statistical features are extracted from the image to classify pristine and median filtered images. Image array data is rescaled to enhance the spatial statistical information. Features are extracted using Markov model on enhanced spatial statistics. Multiple difference arrays are considered in different directions for robust feature set. Further, texture operator features are combined to increase the detection accuracy and SVM binary classifier is applied to train the classification model. Experimental results are promising for images of low quality JPEG compression.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.87-96
• /
• 2006

In this paper, we examine general digital evidence collection process which is according to RFC3227 document[l], and establish specific steps for memory information collection. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system. Especially, we discovered sensitive data which is like password and userID that exist in the half of pagefiles. Moreover, we suggest each analysis technique and computer forensic process for memory information and virtual memory.

• Imaging Science in Dentistry
• /
• v.52 no.1
• /
• pp.83-91
• /
• 2022

Purpose: This study assessed the associations between chronological age, dental maturation (DM), cervical vertebrae maturation (CVM), and hand-wrist maturation (HWM) in individuals aged 9-19 years. In addition, this study aimed to derive practical methods to evaluate the skeletal age using DM, CVM, or HWM for orthodontic, medical, and forensic purposes and to compare which of these 3 developmental parameters is more accurate for estimating the age of individuals in a Turkish population. Materials and Methods: Panoramic, lateral cephalometric, and hand-wrist radiographs of 284 patients aged 9-19 years were used in this study. The DM, CVM, and HWM stages were determined. The Kolmogorov-Smirnov, kappa, Wilcoxon, Kruskal-Wallis, chi-square, and Spearman correlation tests and simple linear regression analysis were used for statistical analysis. The significance level was 0.05. Results: Statistically significant differences were found between chronological age and DM, chronological age and CVM, and chronological age and HWM in both sexes (P<0.05). DM did not show statistically significant differences according to sex (P>0.05), but CVM and HWM were statistically different between males and females (P<0.05). The DM-estimated age yielded more accurate values than the other methods. Conclusion: All correlations between skeletal and dental stages were statistically significant. Our results showed that there was no statistically significant difference between chronological age and DM-estimated age. Therefore, it can be concluded that DM stages have the potential to be used for legal purposes.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.346-376
• /
• 2018

Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although, on occasions are justifiable. Presently, the use of scientifically unproven forensic techniques are highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to the current legislation and privacy laws remain as challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study to examine the issues that are considered essential to discuss and resolve, for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as, cloud computing, social media, and the Internet of Things (IoT), and reviewing the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed, by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.

• Journal of Oral Medicine and Pain
• /
• v.23 no.2
• /
• pp.193-209
• /
• 1998

In identifying bodies that are severely decayed or damaged, methods using fingerprints and various biochemical tests are known to have its limits. To overcome this, forensic odontological method which is based on the analysis of the cranium, tooth and dental restoration is used to enhance the accuracey of individual identification. For this reason, I have come to analysis of the dental materials that exists between the teeth that is perceived to have been previously restored and the one adjacent to it. By analyzing the constituents of gold crown-restored, non-precious metal-restored, gold inlay-restored and amalgam -restored teeth, and adjacent teeth using EDX(energy dispersive X-ray microanalysis) which was invented to analyze very small amount of elements, the nature of the restoration could be predicted and the results obtained were as follows. 1. Some of constitute of gold alloy was extracted from residual cement of gold crown restoration, but that was not extracted from the restored tooth and the one adjacent to it. 2. Some of constituents of non-precious metal alloy was extracted both in the residual cement on the tooth with no-precious metal restoration and in the tooth with the restoration itself. However, none of its constituents were found in the tooth adjacent to it. 3. Some of constituents of gold alloy were found in the residual cement of gold inlay, but they were not found in the restored tooth and the adjacent tooth. 4. Some of constituents of amalgam alloy were found both in tooth restored with amalgam and in the adjacent tooth. From the results obtained above, it is possible to utilize the data obtained from analyizing residual dental materials in a more effective way. This data compensates for the lost data due to any harm done to the restorations prior to individual identification and further enhances the accuracy. Therefore, it could be concluded that this process of analyzing residual dental materials could be beneficial to individual identification in the area of forensic odontoldogy.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.12
• /
• pp.487-496
• /
• 2017

In MySQL InnoDB, there are two ways of storing data. One is to create a separate tablespace for each table and store it separately. Another is to store all table and index information in a single system tablespace. You can use this information to recover deleted data from the record. However, in most of the current database forensic studies, the former is actively researched and its structure is analyzed, whereas the latter is not enough to be used for forensics. Both approaches must be analyzed in terms of database forensics because their storage structures are different from each other. In this paper, we propose a method for recovering deleted records in a method of storing records in IBDATA file, which is a single system tablespace. First, we analyze the IBDATA file to reveal its structure. And introduce delete record recovery algorithm which extended to an unallocated page area which was not considered in the past. In addition, we show that the recovery rate is improved up to 68% compared with the existing method through verification using real data by implementing the algorithm as a tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1373-1383
• /
• 2017

Deduplication is a function to effectively manage data and improve the efficiency of storage space. When the deduplication is applied to the system, it makes it possible to efficiently use the storage space by dividing the stored file into chunks and storing only unique chunk. However, the commercial digital forensic tool do not support the file system analysis, and the original file extracted by the tool can not be executed or opened. Therefore, in this paper, we analyze the process of generating chunks of data for a Windows Server 2012 system that can apply deduplication, and the structure of the resulting file(Chunk Storage). We also analyzed the case where chunks that are not covered in the previous study are compressed. Based on these results, we propose the method to collect deduplicated data and reconstruct the original file for digital forensic investigation.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.491-498
• /
• 2016

Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

• The korean journal of orthodontics
• /
• v.53 no.3
• /
• pp.194-204
• /
• 2023

Objective: To investigate sex-specific correlations between the dimensions of permanent canines and the anterior Bolton ratio and to construct a statistical model capable of identifying the sex of an unknown subject. Methods: Odontometric data were collected from 121 plaster study models derived from Caucasian orthodontic patients aged 12-17 years at the pretreatment stage by measuring the dimensions of the permanent canines and Bolton's anterior ratio. Sixteen variables were collected for each subject: 12 dimensions of the permanent canines, sex, age, anterior Bolton ratio, and Angle's classification. Data were analyzed using inferential statistics, principal component analysis, and artificial neural network modeling. Results: Sex-specific differences were identified in all odontometric variables, and an artificial neural network model was prepared that used odontometric variables for predicting the sex of the participants with an accuracy of > 80%. This model can be applied for forensic purposes, and its accuracy can be further improved by adding data collected from new subjects or adding new variables for existing subjects. The improvement in the accuracy of the model was demonstrated by an increase in the percentage of accurate predictions from 72.0-78.1% to 77.8-85.7% after the anterior Bolton ratio and age were added. Conclusions: The described artificial neural network model combines forensic dentistry and orthodontics to improve subject recognition by expanding the initial space of odontometric variables and adding orthodontic parameters.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.51-61
• /
• 2023

Messengers such as KakaoTalk, LINE, and Facebook Messenger are universal means of communication used by anyone. As the convenience functions provided to users and their usage time increase, so does the user behavior information remaining in the artifacts, which is being used as important evidence from the perspective of digital forensic investigation. However, for security reasons, most of the data is currently stored encrypted. In addition, cover-up behaviors such as intentional manipulation, concealment, and deletion are increasing, causing the problem of delaying digital forensic analysis time. In this paper, we conducted a study on the data decryption and artifacts analysis in a Windows environment for KakaoTalk, the messenger with the largest number of users in Korea. An efficient way of obtaining a decryption key and a method of identifying and decrypting messages attempted to be deleted are presented, and thumbnail artifacts are analyzed.