• Title/Summary/Keyword: Forensic Methodology

Physical Defect Recovery Methodology of Hard Disk (하드디스크의 물리적 고장 복구 방법론)

  • Kim, Yong-Ho;Yoo, Jae-Hyung;Kim, Kui-Nam J.
    • Convergence Security Journal / v.8 no.1 / pp.129-141 / 2008
  • This paper analyzes repair methods in terms of hard disk symptoms, drawing on the maker's know-how and skill from experience. However, even if a user tries these methods, an unskilled user can fail. A defective hard disk should be diagnosed and treated carefully, and the repair should be carried out only after enough practice. This analysis was performed by examination with the naked eye, sound, and the frequency of symptoms. The result can be valuable data for the restoration of critical evidence.

An Effective Control Method for Improving Integrity of Mobile Phone Forensics (모바일 포렌식의 무결성 보장을 위한 효과적인 통제방법)

  • Kim, Dong-Guk;Jang, Seong-Yong;Lee, Won-Young;Kim, Yong-Ho;Park, Chang-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.151-166 / 2009
  • To prove the integrity of digital evidence in the investigation procedure, data that uses the MD5 (Message Digest 5) hash-function algorithm has to be discarded if its integrity was damaged during the investigation. Even though restoration of the deleted area is essential for securing proof regarding a main phase of a case, it was difficult to secure decisive evidence because the evidence data was damaged, owing to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes a novel model for the mobile forensic procedure, named "E-Finder (Evidence Finder)", to solve the existing problem. E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST (National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for mobile forensics.

Research on Mac OS X Physical Memory Analysis (Mac OS X 물리 메모리 분석에 관한 연구)

  • Lee, Kyeong-Sik;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.4 / pp.89-100 / 2011
  • Physical memory analysis has been an issue in the field of live forensic analysis in digital forensics until now. It is very useful for making the result of analysis more reliable, because records of user behavior and data can be found in physical memory even when a process is hidden. But most memory analysis focuses on Windows-based systems. Because the diversity of target systems to be analyzed is rising, it is very important to analyze physical memory on operating systems other than Windows. Mac OS X, which has the second-largest market share among operating systems, operates by loading a kernel image into the physical memory area. In this paper, we propose a methodology for physical memory analysis on Mac OS X using symbol information in the kernel image, and acquire process information, mounted device information, kernel information, kernel extensions (e.g., KEXT) and system call entries for detecting system call hooking. In addition to the methodology, we prove that physical memory analysis is very useful through an experimental study.

A Deep Learning Approach for Identifying User Interest from Targeted Advertising

  • Kim, Wonkyung;Lee, Kukheon;Lee, Sangjin;Jeong, Doowon
    • Journal of Information Processing Systems / v.18 no.2 / pp.245-257 / 2022
  • In the Internet of Things (IoT) era, the types of devices used by one user are becoming more diverse and the number of devices is also increasing. However, a forensic investigator is restricted from exploiting or collecting all of the user's devices; there are legal issues (e.g., privacy, jurisdiction) and technical issues (e.g., computing resources, the increase in storage capacity). Therefore, in the digital forensics field, it has been a challenge to acquire information that remains on the devices that could not be collected, by analyzing the seized devices. In this study, we focus on the fact that multiple devices share data through account synchronization of the online platform. We propose a novel way of identifying the user's interest by analyzing the remnants of targeted advertising, which is provided based on the visited websites or search terms of logged-in users. We introduce a detailed methodology to pick out the targeted advertising from cache data and infer the user's interest using deep learning. In this process, an improved learning model that considers the unique characteristics of advertisements is implemented. The experimental result demonstrates that the proposed method can effectively identify the user's interest even though only one device is examined.

Analysis of the bachelor's degree course curricula of paramedicine departments in colleges (전문대학 응급구조학과 전공심화 교과과정 운영현황 및 분석)

  • Sung-Gi Hong
    • The Korean Journal of Emergency Medical Services / v.27 no.2 / pp.31-40 / 2023
  • Purpose: The study aims to provide basic data for understanding the bachelor's degree courses of departments of paramedicine to enable curriculum development and reorganization. Methods: The 2023 academic curricula for all eleven universities with active departments of paramedicine offering bachelor's degrees were investigated from April 25 to May 10, 2023. Results: The average courseload was 22.0 units. There were 7.73 major subjects, with 19.45 units on average. The culture subject was available in 7 colleges and averaged 2.55 units over 1.18 subjects. Grouping the major subjects showed that 15.3% of subjects were related to advanced paramedicine (the most common course), followed by 11.8% related to research methodology and seminar, and 10.8% related to radiology and simulations. Related subjects in statistics, disaster, and forensic science were also offered. Conclusion: This study found that the curricula of the departments of paramedicine differed from that of the general bachelor's degree. Going forward, university leaders should organize the paramedicine curriculum considering the environmental changes in emergency medicine and the scalability of EMT-Paramedic jobs.

Fraudulent Financial Reporting Practices: Case Study of Satyam Computer Limited

  • Bhasin, Madan Lal
    • The Journal of Economics, Marketing and Management / v.4 no.3 / pp.12-24 / 2016
  • Fraudulent financial reporting practices can have significant consequences for organizations and all stakeholders, as well as for public confidence in the capital and security markets. In fact, comprehensive, accurate and reliable financial reporting is the bedrock upon which our markets are based. Keen to project a rosy picture of Satyam to investors, employees and analysts, Mr. Raju (CEO and Chairman) fudged the account books so that it appeared to be a far bigger enterprise, with high profits and a fast growth rate, than it actually was. The Satyam fraud has shattered the dreams of different categories of investors, shocked the government and regulators alike, and led to questioning of the accounting practices of statutory auditors and corporate governance norms in India. This is an exploratory study based on secondary sources of information. An attempt has been made to provide an explanation for various intriguing questions about the Satyam scam. After thorough investigations, the CBI and SEBI have unveiled the methodology by which the Satyam fraud was engineered. Finally, we recommend "Fraudulent reporting practices should be considered as a serious crime, and accounting bodies, courts and other regulatory authorities in India need to adopt very strict punitive measures to stop such unethical practices."

A Study on the Design and Implementation of an Digital Evidence Collection Application on Windows based computer (윈도우 환경에서의 증거 수집 시스템 설계 및 구현에 관한 연구)

  • Lee, SeungWon;Roh, YoungSup;Han, Changwoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.57-67 / 2013
  • Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of a virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response, the first responder deals with suspect or crime scene data and needs investigative leads quickly, in accordance with a forensic process methodology that provides for the identification of digital evidence in a systematic approach. To support an effective initial response by first responders, this paper analyzes collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM (computer forensics field triage process model), then designs and implements a collection application that deploys a client/server architecture on a Windows-based computer.

A Study on the Feature Point Extraction Methodology based on XML for Searching Hidden Vault Anti-Forensics Apps (은닉형 Vault 안티포렌식 앱 탐색을 위한 XML 기반 특징점 추출 방법론 연구)

  • Kim, Dae-gyu;Kim, Chang-soo
    • Journal of Internet Computing and Services / v.23 no.2 / pp.61-70 / 2022
  • General users of smartphone apps often use a Vault app to protect personal information such as their own photos and videos. However, there are increasing cases of criminals using the Vault app function for anti-forensic purposes to hide illegal videos. These apps are among the apps registered on Google Play. This paper proposes a methodology for extracting feature points through XML-based keyword frequency analysis to explore Vault apps used by criminals, and text mining techniques are applied to extract feature points. In this paper, XML syntax was compared and analyzed using the strings.xml files included in the app for 15 hidden Vault anti-forensics apps and non-hidden Vault apps, respectively. In hidden Vault anti-forensics apps, more hidden-related words are found at a higher frequency in the first and second rounds of terminology processing. Unlike most conventional methods, which statically analyze APK files from an engineering point of view, this paper is meaningful in that it takes a humanities and sociological point of view to find a feature for classifying anti-forensics apps. In conclusion, applying text mining techniques through XML parsing can provide basic data for exploring hidden Vault anti-forensics apps.