• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.93-102
• /
• 2020

In order for data obtained through all stages of digital crime investigation to be recognized as evidence capability, it must satisfy legal / technical requirements. In this paper, we propose a mechanism and implement software to provide digital forensic evidence by automatically recovering files by scanning / inspecting the unallocated area inside the storage disk block without relying on information provided by the file system. The proposed technique checks / analyzes the RAW disk data of the system under analysis in 512-byte block units based on information on the storage format / file structure of various files stored on the disk without referring to the file system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we have provided a block based smart carving method to intelligently identify fragmented and damaged files in storage efficiently for forgery analysis on digital forensic investigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.407-416
• /
• 2018

Instagram is a Social Network Service(SNS) that has recently become popular among people of all ages and it makes people to construct social relations and share hobbies, daily routines, and useful information. However, since the uploaded information can be accessed by arbitrary users and it is easily shared with others, frauds, stalking, misrepresentation, impersonation, an infringement of copyright and malware distribution are reported. For this reason, it is necessary to analyze Instagram from a view of digital forensics but the research involved is very insufficient. So in this paper, We performed reverse engineering and dynamic analysis of Instagram from a view of digital forensics in the Android environment. As a result, we checked three database files that contain user behavior analysis data such as chat content, chat targets, posted photos, and cookie information. And we found the path to save 4 files and the xml file to save various data. Also we propose ways to use the above results in digital forensics.

• Journal of Digital Convergence
• /
• v.16 no.4
• /
• pp.379-386
• /
• 2018

The purpose of this study was examine the mediating effects of defeat and entrapment on the relationship between mentally disordered offender's depression and suicidal ideation. A sample of 86 patients in the national forensic hospital completed self-report measures of depression, defeat, entrapment and suicidal ideation. The data from patients collected data were analyzed by mediating effects according to the procedures prosposed by Baron and Kenny. As a result, defeat and entrapment fully mediated the relationship between depression and suicidal ideation, indicating that depression indirectly affect suicidal ideation through defeat and entrapment. Finally, limitations of the results of this study and therapeutic interventions to prevent suicides by mentally disordered offenders were discussed.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.143-151
• /
• 2008

74% of Internet users use the UCC, and You Tube using firearms in a crime occurred. Internet crime occurred in the online, non-face transaction, anonymous, encapsulation. In this paper, we are studied a Network Forensic Way and a technique analyze an aspect criminal the Internet haying appeared at Internet UCC, and to chase. Study ID, IP back-tracking and position chase through corroborative facts collections of the UCC which used UCC search way study of the police and a public prosecutor and storage way and network forensic related to crimes of Internet UCC. Proof data encrypt, and store, and study through approach control and user authentication so that they are adopted to legal proof data through integrity verification after transmission and storages. This research via the Internet and criminal conspiracy to block the advance promotion, and for the criminal investigative agencies of the Internet will contribute to the advancement forensics research.

• Imaging Science in Dentistry
• /
• v.49 no.1
• /
• pp.19-26
• /
• 2019

Purpose: It has been proposed that using new prediction methods, such as neural networks based on dental data, could improve age estimation. This study aimed to assess the possibility of exploiting neural networks for estimating age by means of the pulp-to-tooth ratio in canines as a non-destructive, non-expensive, and accurate method. In addition, the predictive performance of neural networks was compared with that of a linear regression model. Materials and Methods: Three hundred subjects whose age ranged from 14 to 60 years and were well distributed among various age groups were included in the study. Two statistical software programs, SPSS 21 (IBM Corp., Armonk, NY, USA) and R, were used for statistical analyses. Results: The results indicated that the neural network model generally performed better than the regression model for estimation of age with pulp-to-tooth ratio data. The prediction errors of the developed neural network model were acceptable, with a root mean square error (RMSE) of 4.40 years and a mean absolute error (MAE) of 4.12 years for the unseen dataset. The prediction errors of the regression model were higher than those of the neural network, with an RMSE of 10.26 years and a MAE of 8.17 years for the test dataset. Conclusion: The neural network method showed relatively acceptable performance, with an MAE of 4.12 years. The application of neural networks creates new opportunities to obtain more accurate estimations of age in forensic research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.151-166
• /
• 2009

To prove the integrity of digital evidence on the investigation procedure, the data which is using the MD 5(Message Digest 5) hash-function algorithm has to be discarded, if the integrity was damaged on the investigation. Even though a proof restoration of the deleted area is essential for securing the proof regarding a main phase of a case, it was difficult to secure the decisive evidence because of the damaged evidence data due to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes the novel model for the mobile forensic procedure, named as "E-Finder(Evidence Finder)", to ,solve the existing problem. The E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST(National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for the mobile forensics.

• Journal of Software Assessment and Valuation
• /
• v.15 no.2
• /
• pp.51-57
• /
• 2019

On increasing illegal software copyright, the need for similarity analysis is now rising. The reliability of object material are becoming important when it's moving from developer to evaluation experts. Object material as a comparison data, is the important data to the evaluation expert which is delivered from agencies such as courts and police stations. The object material is submitted at first to the Copyright Commission and then delivered to the evaluation expert with safe. However, if the similarity result is not satisfied to the both side, they will claim to the reliability of the object material such as source code modification or revision etc. Software objects is produced in a file format and are recognized as being able to be modified. Therefore, the reliability to the object material is studied in various ways, and a forensic is proposed as one method. This study showed the suggestion to keep reliability of the object material through the actual evaluation cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.629-638
• /
• 2013

Recently the interest in the information privacy has been growing. Digital data can be easily transferred via Internet. Service providers ask users for private data to give customized services. Users believe that their shared data are protected as they deliver their private data securely. However, their private data may be leaked if service providers do not delete or initialize them when they expire. The possibility of information leak may lower if the service providers deal with users' private data properly. In this paper, we study the self-destruction of private data for information privacy and propose the glass-box model.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.9-13
• /
• 2021

With the development of communication technology, various forms of digital crime are increasing, and the need for digital forensics is increasing. Moreover, if a textual document containing sensitive data is deliberately deleted or modified by a particular person, it could be important data to prove its connection to a particular person and crime through a system that checks for data modification detection. This paper proposes a data modification detection system that can analyze the hash data, file size, file creation date, file modification date, file access date, etc. of SHA-256, one of the encryption techniques, focusing on text files, to compare whether the target text file is modified or not.

• Journal of Auto-vehicle Safety Association
• /
• v.16 no.1
• /
• pp.35-41
• /
• 2024

In order to verify autonomous driving scenarios and safety, a lot of driving and accident data is needed, so various organizations are conducting classification and analysis of traffic accident types. In this study, it was determined that accident recording devices such as EDR (Event Data Recorder) and DSSAD (Data Storage System for Automated Driving) would become an objective standard for analyzing the causes of autonomous vehicle accidents, and traffic accidents that occurred from 2015 to 2020 were analyzed. Using the database system of IGLAD (Initiative for the Global Harmonization of Accident Data), approximately 360 accident data of EDR-equipped vehicles were classified and their characteristics were analyzed by comparing them with accident types of ADAS (Advanced Driver Assistance System)-equipped vehicles. It will be used to develop autonomous vehicle accident investigation guidelines in the future.