• Title/Summary/Keyword: Forensic Data


The Windows Physical Memory Dump Explorer for Live Forensics (라이브 포렌식을 위한 윈도우즈 물리 메모리 분석 도구)

  • Han, Ji-Sung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.71-82 / 2011
  • Live data in physical memory can be acquired by live forensics but not by hard disk file-system analysis. Therefore, live forensics is widely used in forensic investigations these days. However, existing live forensic methods, which use command-line tools on the live system, have many weaknesses; for instance, the results are not easy to re-analyze and can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement the weaknesses of traditional live forensics. We then design and implement the Physical Memory Dump Explorer and prove the effectiveness of our tool through test results.

Study on Reliability of New Digital Tachograph for Traffic Accident Investigation and Reconstruction (교통사고 조사 및 재현에서 신형 전자식운행기록계의 신뢰성에 관한 연구)

  • Park, Jongjin;Joh, Geonwoo;Park, Jongchan
    • Transactions of the Korean Society of Automotive Engineers / v.23 no.6 / pp.615-622 / 2015
  • Recently, the Digital-TachoGraph (DTG) was mounted mandatorily in commercial vehicles (Taxi, Bus, etc.). The DTG records accurate and detailed information on the running state of vehicles related to traffic accidents, such as Time, Distance, Velocity, RPM, Brake ON/OFF, GPS, Azimuth, Acceleration. Thus those standardized data can play an important role in traffic accident investigation and reconstruction. To develop an accurate and objective method using the DTG data for the reconstruction of traffic accidents, we conducted several tests such as a driving test, high speed circuit test, braking test and slalom test at the Korea Automobile Testing & Research Institute (KATRI), and a collision test at the Korea Automobile insurance repair Research and Training center (KART), with the vehicle equipped with several DTGs. Development of a program which enables the reading and analysis of the DTG data followed. In the experiments, we found velocity error, RPM error, brake signal error and azimuth error in several products, and also non-continuous event data. The cause of these errors was deduced to be related to the correction factor, the durability of electronic parts and the algorithm.

Cold Boot Attack on Encrypted Containers for Forensic Investigations

  • Twum, Frimpong;Lagoh, Emmanuel Mawuli;Missah, Yaw;Ussiph, Najim;Ahene, Emmanuel
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.9 / pp.3068-3086 / 2022
  • Digital forensics is gaining popularity in the adjudication of criminal cases as the use of electronic gadgets in committing crime has risen. The traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM when the computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cool the RAM and transplant it into a host computer provisioned with a tool developed based on the cold boot concept to acquire the RAM image. Observation of data obtained from the acquired image compared to the data loaded into memory shows the RAM chips exhibit some level of remanence, which allows their content to persist after shutdown, contrary to the accepted knowledge that RAM loses its content immediately when power is cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed that at a reduced temperature of -25℃, the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively, whereas at an operating temperature of 25℃, there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature, while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.

Artifacts Analysis of GoToWebinar and GoToMeeting (화상 회의 애플리케이션 GoToWebinar 및 GoToMeeting 아티팩트 분석)

  • Soojin Kang;Giyoon Kim;Yangsun Lee
    • Journal of Platform Technology / v.11 no.1 / pp.11-22 / 2023
  • Various video conferencing and collaboration applications have emerged due to the global epidemic of new viral infections. In addition to real-time video conferencing, video conferencing applications provide features such as chat and file sharing on various platforms. Because various personal information is stored through functions such as chatting, file and screen sharing, these video conferencing applications are the major target of analysis from a digital forensic investigation. In the case of applications that provide cross-platform, the form of stored data is different depending on the platform. Therefore, to utilize data of video conferencing application for forensic investigation, preliminary research on artifacts stored by platform is required. In this paper, we used the video conferencing applications GoToWebinar and GoToMeeting and analyzed the artifacts generated. As a result, we list the main data from a digital forensic investigation. We identify data stored for each platform provided by GoToWebinar and GoToMeeting and organize artifacts that can estimate user behavior. Also, we classify the data that can be acquired according to the role and environment within the video conference.


Analysis on the Fire Accident of Vehicle Due to Damage of Connector and wiring on an Anti-lock Brake System(ABS) Module (ABS 모듈의 접속부 및 전원배선 손상으로 인한 차량화재 사고사례 분석)

  • Park, Nam-Kyu;Kim, Jin-Pyo;Nam, Jung-Woo;Park, Jong-Taek;Song, Jae-Yong
    • Journal of the Korean Society of Safety / v.32 no.5 / pp.13-19 / 2017
  • In this paper, a study of vehicle fire cases caused by damage to the connector and power wiring of an anti-lock brake system (ABS) module is presented. The purpose of the ABS module is to improve braking and steering ability under a sudden stop of the vehicle by repeatedly activating and releasing the brake with an electric signal via the electric control unit. The electric control unit for ABS may experience incomplete contact between the power line and signal line, or electrical breakdown on the printed circuit board, by undergoing repetitive signal change, which would consequently result in electrical heat and spark, eventually leading to automotive fire. Therefore, the purpose of this paper is to provide fundamental data, by analyzing damage to the connector and power wiring of the ABS module, conducive to the precise investigation of the cause of vehicle fire.

Design and Implementation of Forensic Tool on Window Live System (윈도우 활성 시스템상의 디지털 증거 수집 도구 설계 및 구현)

  • Baek, Eun-Ju;Sung, Jin-Won;Lim, Kyoung-Su;Lee, Sang-Jin
    • Convergence Security Journal / v.7 no.2 / pp.91-100 / 2007
  • Nowadays, many forensic tools exist for forensic investigation. A common investigator may have some difficulty handling the existing forensic tools. In urgent situations, if it takes a long time to get useful evidence from the data, the investigation process becomes difficult. Thus, the common investigator can collect the evidence easily by simply clicking the mouse. The only thing he needs is a tool for examination before investigating in detail. Therefore, in this paper we refer to useful information in forensic investigation and discuss the design and implementation of the tool.


Mobile Digital Forensic Procedure for Crime Investigation in Social Network Service (소셜 네트워크 서비스에서 사건 수사를 위한 모바일 디지털 포렌식 절차에 관한 연구)

  • Jang, Yu Jong;Kwak, Jin
    • Journal of Advanced Navigation Technology / v.17 no.3 / pp.325-331 / 2013
  • Social network services (SNS) have been used as a means for users to communicate or express themselves. Therefore, SNS hold a variety of information. This information is useful to investigations and can be used as evidence. This paper is a study of a mobile digital forensic procedure for crime investigation in social network services. It analyzes database files taken from social network service applications on the smartphone for the mobile digital forensic procedure. We therefore propose a procedure for the efficient mobile digital forensic investigation of social network services.

Digital Forensic Investigation on Social Media Platforms: A Survey on Emerging Machine Learning Approaches

  • Abdullahi Aminu Kazaure;Aman Jantan;Mohd Najwadi Yusoff
    • Journal of Information Science Theory and Practice / v.12 no.1 / pp.39-59 / 2024
  • An online social network is a platform that is continuously expanding, which enables groups of people to share their views and communicate with one another using the Internet. The social relations among members of the public are significantly improved because of this gesture. Despite these advantages and opportunities, criminals are continuing to broaden their attempts to exploit people by making use of techniques and approaches designed to undermine and exploit their victims for criminal activities. The field of digital forensics, on the other hand, has made significant progress in reducing the impact of this risk. Even though most of these digital forensic investigation techniques are carried out manually, most of these methods are not usually appropriate for use with online social networks due to their complexity, growth in data volumes, and technical issues that are present in these environments. In both civil and criminal cases, including sexual harassment, intellectual property theft, cyberstalking, online terrorism, and cyberbullying, forensic investigations on social media platforms have become more crucial. This study explores the use of machine learning techniques for addressing criminal incidents on social media platforms, particularly during forensic investigations. In addition, it outlines some of the difficulties encountered by forensic investigators while investigating crimes on social networking sites.

Development of Rapid and Simple Drug Identification and Semi Quantitative Analytical Program by Gas Chromatography-Mass Spectrometry (가스크로마토그래피/질량분석기를 이용한 약물의 확인 및 간이 정량분석 프로그램 개발)

  • Kim, Eun-Mi;Han, Eun-Young;Hong, Hyo-Jeong;Jeong, Su-Jin;Choe, Sang-Gil;Rhee, Jong-Sook;Jung, Jin-Mi;Yeom, Hye-Sun;Lee, Han-Sun;Lee, Sang-Ki
    • YAKHAK HOEJI / v.55 no.2 / pp.106-115 / 2011
  • Systematic toxicological analysis (STA) means the process for general unknown screening of drugs and toxic compounds in biological fluids. In order to establish STA, in a previous study we investigated the pattern of drugs and poisons in autopsy cases during 2007~2009 in Korea, and finally selected 62 drugs as target drugs for STA. In this study, a rapid and simple drug identification and quantitative analytical program by gas chromatography-mass spectrometry (GC-MS) was developed. The in-house program, "DrugMan", consisted of a modified chemstation data analysis menu and newly developed macro modules. A total of 55 drugs among the 62 target drugs were applied to this program; they were 14 antidepressants, 8 anti-histamines, 5 sedatives/hypnotics, 5 narcotic analgesics, 3 antipsychotic drugs, etc. For calibration curves, the fifty-five drugs were divided into four groups of range considering their therapeutic or toxic concentrations in blood specimens, i.e. 0.05~1 mg/l, 0.1~1 mg/l, 0.1~5 mg/l or 0.5~10 mg/l. Standard-spiked bloods were extracted by solid-phase extraction (SPE) with trimipramine-D3 as internal standard. Parameters such as retention times, 3 mass fragment ions, and calibration curves for each drug were registered to DrugMan. A series of identification, semi-quantitation of target drugs and reporting of the results was performed automatically. Calibration curves for most drugs were linear with correlation coefficients exceeding 0.98. The sensitivity rate of DrugMan was 0.90 (90%) for 55 drugs at the level of 0.5 mg/l. For standard-spiked bloods at the level of 0.5 mg/l for 29 drugs, semi-quantitative concentrations ranged 0.36~0.64 mg/l by DrugMan. If more drugs are registered to the database in DrugMan in further study, it will be a useful tool for STA in forensic toxicology.

Forensic analysis of toxic substances in fatalities with suspected companion animal cruelty (반려동물 학대 의심 폐사축에 대한 중독물질검사 연구)

  • JeongWoo Kang;Ah-Young Kim;Hyun Young Chae;Hanae Lim;Suncheun Kim;Bok-Kyung Ku;Kyunghyun Lee
    • Korean Journal of Veterinary Research / v.63 no.3 / pp.21.1-21.6 / 2023
  • The increasing prevalence of toxic substance-exposure in pets in South Korea endangers the health and safety of numerous companion animals, and has become a cause for concern. Notably, the annual incidence of forensic analysis in pets has increased by more than 150% in South Korea, mainly in populous regions such as Seoul, Incheon, and Gyeonggi. In response to this growing issue, veterinary forensic examinations were conducted on 549 dogs and cats from 2019 to 2022. This study revealed the presence of various toxic substances, including pesticides, insecticides, and drugs such as analgesics, anesthetics, antidepressants, and muscle relaxants, in pets. Among the 38 different toxins identified in pets, coumatetralyl, methomyl, terbufos, and buprofezin were the most frequently detected. In this study, toxic substances for pets were identified based on the "toxic agent list for humans," developed by the National Forensic Services, because no list of toxic agents for animals currently exists and data regarding potentially toxic substances for dogs and cats is limited. This is one of the limitations of this study, and necessitates the establishment of a toxic agent list for animals. Continued monitoring and research is also recommended to reveal the incidence, causes, and solutions of toxicity in animals.