• Title/Summary/Keyword: Forensic Data

Search Result 369, Processing Time 0.025 seconds

A Stable Evidence Collection Procedure of a Volatile Data in Research (휘발성 증거자료의 무결한 증거확보 절차에 관한 연구)

  • Kim, Yong-Ho;Lee, Dong-Hwi;J. Kim, Kui-Nam
    • Convergence Security Journal / v.6 no.3 / pp.13-19 / 2006
  • I would like to explain a method for securely obtaining important data from volatile data when the network in a computer system cannot be used because of an incident. The main idea is that the first investigator, who collects the volatile data by applying scripts built into USB media, should be at the crime scene at the time. For the volatile data, he generates a hash value and obtains a witness signature. After that, he analyzes the volatile data with authentication in the forensics system.

A framework of management for preventing illegal distribution of pdf bookscan file (PDF 형식 북스캔 파일 불법 유통 방지를 위한 관리 프레임워크)

  • Lee, Kuk-Heon;Chung, Hyun-Ji;Ryu, Dae-Gull;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.5 / pp.897-907 / 2013
  • Since various smart devices are being developed, a growing number of people are reading eBooks instead of paper books. However, people started making eBooks on their own by scanning paper books because there are not enough eBooks provided by the market. The term "Bookscan" was coined for this reason. The number of bookscan companies is increasing because the equipment is too expensive. However, the commercial activity of bookscan companies is against copyright law. Also, bookscan files are in danger of being illegally distributed on the web, because bookscan companies are not protecting copyright. The publication market is following the same course as the sound market, which collapsed due to copyright problems. Therefore, technical methods should be prepared for the legal system against bookscan. The previous ICOP (Illegal Copyrights Obstruction Program) system has been applied to sound and movie files, but not to publications. This paper suggests a framework for bookscan file management based on a practical mechanism.

A Meta Study on Research Trend of Digital Forensic in Korea (메타스터디를 통한 국내 디지털 포렌식 연구 동향)

  • Kwak, Na-Yeon;Lee, Choong C.;Maeng, Yun-Ho;Cho, Bang-Ho;Lee, Sang-Eun
    • Informatization Policy / v.24 no.3 / pp.91-107 / 2017
  • Digital forensics is the process of uncovering and interpreting electronic data and materials found in digital devices in relation to crime. The goal of the process is to preserve any evidence in its most original form, which shall have the force of law. The digital forensic market is increasing with the growth of ICT in domestic and global markets. Many countries, including the U.S., are actively performing research on structured investigation by collecting, identifying and validating digital information for the purpose of reconstructing past events, as is academic society in Korea. This paper aims to understand the overall research trend in digital forensics and derive future strategy by integrating the result of meta-analysis into practices based on five criteria: main theme and topic, analysis phase, technical method for analysis, author's affiliation, and unit of analysis and method. 239 papers are analyzed, which were selected out of 470 papers published over 10 years (2007~2016) in academic journals on the list of KCI (Korea Citation Index). The results of this analysis will be used to examine the characteristics of research in the field of digital forensics. The result of this research will contribute to understanding of the research trend and characteristics leading the technology-driven academia, through which measures for further research development and facilitation are suggested.

A Study on the Decryption Method for Volume Encryption and Backup Applications (볼륨 암호화 및 백업 응용프로그램에 대한 복호화 방안 연구)

  • Gwui-eun Park;Min-jeong Lee;Soo-jin Kang;Gi-yoon Kim;Jong-sung Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.511-525 / 2023
  • As awareness of personal data protection increases, various Full Disk Encryption (FDE)-based applications are being developed that perform real-time encryption or use virtual drive volumes to protect data on the user's PC. FDE-based applications encrypt and protect the volume containing the user's data. However, as disk encryption technology advances, some users are abusing FDE-based applications to encrypt evidence associated with criminal activities, which creates difficulties in digital forensic investigations. Thus, it is necessary to analyze the encryption process used in FDE-based applications and decrypt the encrypted data. In this paper, we analyze Cryptomator and Norton Ghost, which provide volume encryption and backup functions. We analyze the encrypted data structure and encryption process to classify the main data of each application and identify the encryption algorithm used for data decryption. The encryption algorithms of these applications are recently emerging or customized encryption algorithms, which are analyzed to decrypt data. The user password is essential to generate the data encryption key used for decryption, and a password acquisition method is suggested using the function of each application. This supplements the limitations of password investigation, and identifies user data by decrypting encrypted data based on the acquired password.

Usefulness of Data Mining in Criminal Investigation (데이터 마이닝의 범죄수사 적용 가능성)

  • Kim, Joon-Woo;Sohn, Joong-Kweon;Lee, Sang-Han
    • Journal of forensic and investigative science / v.1 no.2 / pp.5-19 / 2006
  • Data mining is an information extraction activity to discover hidden facts contained in databases. Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results. Typical applications include market segmentation, customer profiling, fraud detection, evaluation of retail promotions, and credit risk analysis. Law enforcement agencies deal with mass data to investigate crime, and its amount is increasing due to the development of computer-based data processing. We now face the new challenge of discovering knowledge in that data. Data mining can be applied in criminal investigation to find offenders by analysis of complex and relational data structures and free texts using their criminal records or statement texts. This study aimed to evaluate the possible application of data mining and its limitations in practical criminal investigation. Clustering of criminal cases will be possible in habitual crimes such as fraud and burglary when using data mining to identify the crime pattern. Neural network modelling, one of the tools in data mining, can be applied to differentiating a suspect's photograph or handwriting from that of a convict, or to criminal profiling. A case study of practical insurance fraud showed that data mining was useful in organized crimes such as gangs, terrorism and money laundering. But the products of data mining in criminal investigation should be evaluated cautiously, because data mining just offers a clue instead of a conclusion. Legal regulation is needed to control abuse by law enforcement agencies and to protect personal privacy and human rights.

The Method of Recovery for Deleted Record of Realm Database (Realm 데이터베이스의 삭제된 레코드 복구 기법)

  • Kim, Junki;Han, Jaehyeok;Choi, Jong-Hyun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.625-633 / 2018
  • Realm is an open source database developed to replace SQLite, which is commonly used in mobile devices. The data stored in the database must be checked during the digital forensic analysis process for mobile devices because it can help to understand the behavior of the user and whether the mobile device is operating or not. In addition, since the user can intentionally use anti-forensic techniques such as deleting data stored in the database, research on how to recover deleted records is needed. In this paper, we propose a method to recover records that have not been overwritten after deletion based on the analysis of the structure and record and deletion process of the Realm database file.

The Analyst of Inavi Navigation user Information by Digital Forensic (디지털 포렌식 관점에서의 아이나비 내비게이션 사용정보 분석)

  • Choi, Yong-Seok;Seo, Ki-Min;Lim, Kyung-Soo;Lee, Sang-Jin
    • The KIPS Transactions:PartC / v.17C no.4 / pp.327-334 / 2010
  • The operating type of navigation is either hardware or software. Software-based navigation is stored and run on external storage (e.g. SD card). For the convenience of users, many car navigation systems store user information such as frequently visited places, routes, and so on. This information can be used to prove the alibi of users as well as their relationship with the actual owner of the vehicle through data and time information analysis. Therefore, by analyzing navigation data, we can get a lot of information, such as the user's movements and the route of the car. This has important implications for digital forensics because it can be used for investigating various crimes. This paper demonstrates the information necessary in a digital investigation through the analysis of data stored in the navigation system.

Block based Smart Carving System for Forgery Analysis and Fragmented File Identification

  • Lee, Hanseong;Lee, Hyung-Woo
    • Journal of Internet Computing and Services / v.21 no.3 / pp.93-102 / 2020
  • In order for data obtained through all stages of digital crime investigation to be recognized as having evidence capability, it must satisfy legal / technical requirements. In this paper, we propose a mechanism and implement software to provide digital forensic evidence by automatically recovering files by scanning / inspecting the unallocated area inside the storage disk block without relying on information provided by the file system. The proposed technique checks / analyzes the RAW disk data of the system under analysis in 512-byte block units based on information on the storage format / file structure of various files stored on the disk without referring to the file system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we have provided a block-based smart carving method to intelligently and efficiently identify fragmented and damaged files in storage for forgery analysis in digital forensic investigation.

Instagram Users Behavior Analysis in a Digital Forensic Perspective (디지털 포렌식 관점에서의 인스타그램 사용자 행위 분석)

  • Seo, Seunghee;Kim, Yeog;Lee, Changhoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.407-416 / 2018
  • Instagram is a Social Network Service (SNS) that has recently become popular among people of all ages, and it lets people construct social relations and share hobbies, daily routines, and useful information. However, since the uploaded information can be accessed by arbitrary users and is easily shared with others, fraud, stalking, misrepresentation, impersonation, copyright infringement and malware distribution are reported. For this reason, it is necessary to analyze Instagram from the viewpoint of digital forensics, but the research involved is very insufficient. So in this paper, we performed reverse engineering and dynamic analysis of Instagram from the viewpoint of digital forensics in the Android environment. As a result, we checked three database files that contain user behavior analysis data such as chat content, chat targets, posted photos, and cookie information. And we found the path where 4 files are saved and the xml file that stores various data. We also propose ways to use the above results in digital forensics.

Mediating Effect of Defeat and Entrapment on the Relationship between Mentally Disordered Offender's Depression and Suicidal Ideation (정신장애 범죄자의 우울과 자살생각 간의 관계에서 패배감과 속박감의 매개효과)

  • Kim, Sul-Hwan;Son, ChongNak
    • Journal of Digital Convergence / v.16 no.4 / pp.379-386 / 2018
  • The purpose of this study was to examine the mediating effects of defeat and entrapment on the relationship between mentally disordered offenders' depression and suicidal ideation. A sample of 86 patients in the national forensic hospital completed self-report measures of depression, defeat, entrapment and suicidal ideation. The data collected from patients were analyzed for mediating effects according to the procedures proposed by Baron and Kenny. As a result, defeat and entrapment fully mediated the relationship between depression and suicidal ideation, indicating that depression indirectly affects suicidal ideation through defeat and entrapment. Finally, limitations of the results of this study and therapeutic interventions to prevent suicides by mentally disordered offenders were discussed.