• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.95-104
• /
• 2017

As the technology in smart device is growing and Social Network Services(SNS) are becoming more common, the data which is difficult to be processed by existing RDBMS are increasing. As a result of this, NoSQL databases are getting popular as an alternative for processing massive and unstructured data generated in real time. The demand for the technique of digital investigation of NoSQL databases is increasing as the businesses introducing NoSQL database in their system are increasing, although the technique of digital investigation of databases has been researched centered on RDMBS. New techniques of digital forensic investigation are needed as NoSQL Database has no schema to normalize and the storage method differs depending on the type of database and operation environment. Research on document-based database of NoSQL has been done but it is not applicable as itself to other types of NoSQL Database. Therefore, the way of operation and data model, grasp of operation environment, collection and analysis of artifacts and recovery technique of deleted data in HBase which is a NoSQL column-based database are presented in this paper. Also the proposed technique of digital forensic investigation to HBase is verified by an experimental scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.293-302
• /
• 2015

With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.417-428
• /
• 2020

With the rapid development of information and communication technology, mobile devices have become an essential tool in our lives. Mobile devices are used as important evidence in criminal proof, as they accumulate data simultaneously with PIM functions while working with users most of the time. The mobile forensics is a procedure for obtaining digital evidence from mobile devices and should be collected and analyzed in accordance with due process, just like other evidence, and the integrity of the evidence is essential because it has aspects that are easy to manipulate and delete. Also, the adoption of evidence relies on the judges' liberalism, which necessitates the presentation of generalized procedures. In this paper, a mobile forensics model is presented to ensure integrity through the generalization of procedures. It is expected that the proposed mobile forensics model will contribute to the formation of judges by ensuring the reliability and authenticity of evidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.647-659
• /
• 2023

As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiner, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, it was defined as Digital Forensics Theory, Digital Evidence Collection&Management, Disk Forensics, Mobile Forensics, Video Forensics, infringement forensics, DB Forensics, Embedded(IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.55-65
• /
• 2011

Recently, use of cloud computing service is dramatically increasing due to wired and wireless communications network diffusion in a field of high performance Internet technique. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In a view of digital forensic investigation, it is difficult to obtain data from cloud computing service environments. therefore, this paper suggests analysis method of AWS(Amazon Web Service) and Rackspace which take most part in cloud computing service where IaaS formats presented for data acquisition in order to get an evidence.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.25 no.3
• /
• pp.374-379
• /
• 2017

In vehicle to pedestrian accidents, cracks occur in the vehicle laminated glass due to impact of a pedestrian's head. In this study, FMH(Free Motion Headform) was used to experiment on and analyze the crack patterns on a vehicle laminated glass that collides with an adult headform at speeds of 20 km/h, 30 km/h, and 40 km/h, respectively. Applying the acquired experimental data and material property of the vehicle laminated glass to the structural analysis program LS-Dyna, we could develop the FE model of vehicle laminated glass similar to real vehicle laminated glass. We could estimate the head impact velocity and pedestrian's vehicle impact velocity using the Madymo program.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.23 no.3
• /
• pp.254-262
• /
• 2015

This paper presents 3D collision deformation modelling methodologies using photogrammetry for reconstruction of vehicle accidents. A vehicle's deformation shape in collision provides important information on how the vehicle collided. So effective measurement(scanning) and construction of a corresponding appropriate model are essential in the analysis of collision deformation shape for obtaining much information related to collision accident. Two measurement methods were used in this study: Indirect-photogrammetry which requires relatively small amount of photos or videos, and direct-photogrammetry which requires large amount of photos directly taken for the purpose of 3D modelling. When the indirect-photogrammetry method, which was mainly used in this study, lacked enough photographic information, already secured 2D numerical deformation data was used as a compensation. This made 3D collision deformation modelling for accident reconstruction analysis possible.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.433-436
• /
• 2001

지적 재산권 보호 중에서 디지털 상거래에서 가장 절실한 저작물 보호는 근래에 활발히 연구되고 있으며 법 과학 분야는 지문감식, 치아감정 DNA 등 많은 분야가 있다. 그러나 법과학 분야중 법적용 컴퓨팅(Forensic Computing)에 관한 응용은 아직 부족한 상태이다. 그중에도 디지털 저작물에 대하여 증거를 보전 하고자 많은 연구가 진행 되고 있지만 디지털 저작물에 관하여 네트워크를 통한 능동적 저작물 보호는 미약하다. 현재의 데이터 추출(Extraction), 발굴(Exploitation), 복구, 암호 해독, 패스워스 풀기(Defeat), 미러 이미징등의 방법 가지고 해결 못하는 경우와 인터넷 상에서 온라인으로 이루어지는 불법 복제에서 결정적 기여(smoking gun)를 찾아내려고 하는 것이 본 논문에서 해결 하고자 하는 부분이다. 오프라인일 경우도 가능하며 분석된 결과는 변호사/대리인, 법인, 보험회사, 법집행관등에게 온라인으로 제공한다. 진행 과정은 서버에서 파견시킨, 미션을 부여받은 에이전트가 저작물 불법 복제 상황을 트래킹 한 후, 네트워크를 통하여 정해진 시간별로 서버에 전달하면, 법 조항과 매핑시켜서 분석한 다음 서버의 지식베이스에 저장되어 사용자의 요구에 응하는 능동형 디지털 저작물 보호 관리 시스템이다.

• Proceedings of the Korea Contents Association Conference
• /
• 2016.05a
• /
• pp.317-318
• /
• 2016

급속한 현대사회의 정보화로 인하여 개인 정보에 대한 정보 유출 및 위협의 빈도가 높아지고 있는 상황에서 기존의 디지털 포렌식 수사 모델에서 사용하고 있는 해시 검색 프로세스는 개인정보 노출에 취약한 파일이 존재하고 있다. 이에 본 논문에서는 개인정보 노출 취약점 진단을 추가한 해시 검색 프로세스를 제안한다. 이를 통하여 정밀 조사와 일반 조사 대상을 정확하게 파악할 수 있을 것으로 기대된다.

• Journal of Korea Multimedia Society
• /
• v.12 no.4
• /
• pp.550-558
• /
• 2009

In ubiquitous environment, more small, lightweight, cheap and movable device is used than one device used in wired network environment. Multimedia service which is anytime, anywhere, is provided by device. However, it does not ensure the fair use of multimedia contents and causes damage to the contents providers because of illegal copy and distribution and indiscriminate use of digital contents. For solving this problems, DRM is applied to wired network but it has the problems does not protect stored license and manage license completely because of depending on simple protection such as device authentication and cryptographic algorithm. This paper proposes the license management model using digital forensic and DRM that prevents contents and licenses from distributing illegally and also enables the creation of evidence for legal countermeasure and the protection of license in whole life cycle.