• YAKHAK HOEJI
• /
• v.55 no.2
• /
• pp.106-115
• /
• 2011

Systematic toxicological analysis (STA) means the process for general unknown screening of drugs and toxic compounds in biological fluids. In order to establish STA, in previous study we investigated pattern of drugs & poisons in autopsy cases during 2007~2009 in Korea, and finally selected 62 drugs as target drugs for STA. In this study, rapid and simple drug identification and quantitative analytical program by gas chromatography-mass spectrometry(GC-MS) was developed. The in-house program, "DrugMan", consisted of modified chemstation data analysis menu and newly developed macro modules. Total 55 drugs among 62 target drugs were applied to this program, they were 14 antidepressants, 8 anti-histamines, 5 sedatives/hypnotics, 5 narcotic analgesics, 3 antipsychotic drugs, and etc. For calibration curves, fifty five drugs were divided into four groups of range considering their therapeutic or toxic concentrations in blood specimen, i.e. 0.05~1 mg/l, 0.1~1 mg/l, 0.1~5 mg/l or 0.5~10 mg/l. Standards spiked bloods were extracted by solid-phase extraction (SPE) with trimipramine-D3 as internal standard. Parameters such as retention times, 3 mass fragment ions, and calibration curves for each drug were registered to DrugMan. A series of identification, semi quantitation of target drugs and reporting the results were performed automatically. Calibration curves for most drugs were linear with correlation coefficients exceeding 0.98. Sensitivity rate of DrugMan was 0.90 (90%) for 55 drugs at the level of 0.5 mg/l. For standard spiked bloods at the level of 0.5 mg/l for 29 drugs, semi quantitative concentrations were ranged 0.36~0.64 mg/l by DrugMan. If more drugs are registered to database in DrugMan in further study, it will be useful tools for STA in forensic toxicology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.103-114
• /
• 2024

In a situation where drone-related crimes continue to rise, research in drone forensics becomes crucial for preventing and responding to incidents involving drones. Conducting forensic analysis on flight record files stored internally is essential for investigating illegal activities. However, analyzing flight record files generated through the exclusive DUML protocol requires a deep understanding of the protocol's structure and characteristics. Additionally, a forensic analysis tool capable of handling cryptographic payloads and analyzing various drone models is imperative. Therefore, this study presents the methods and characteristics of flight record files generated by drones. It also explains the structure of the flight record file and the features of the DUML packet. Ultimately, we conduct forensic analysis based on the presented structure of the DUML packet and propose an extension forensic analysis system that operates more universally than existing tools, performing expanded syntactic analysis.

• Journal of Information Processing Systems
• /
• v.11 no.1
• /
• pp.104-115
• /
• 2015

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

• International journal of advanced smart convergence
• /
• v.13 no.3
• /
• pp.150-155
• /
• 2024

Genomic data plays a transformative role in medicine, biology, and forensic science, offering insights that drive advancements in clinical diagnosis, personalized medicine, and crime scene investigation. Despite its potential, the integration and analysis of diverse genomic datasets remain challenging due to compatibility issues and the specialized nature of existing tools. This paper presents the GenomeSync system, designed to overcome these limitations by utilizing the Hadoop framework for large-scale data handling and integration. GenomeSync enhances data accessibility and analysis through SQL-based search capabilities and machine learning techniques, facilitating the identification of genetic traits and the resolution of forensic cases. By pre-processing DNA profiles from crime scenes, the system calculates similarity scores to identify and aggregate related genomic data, enabling accurate prediction models and personalized treatment recommendations. GenomeSync offers greater flexibility and scalability, supporting complex analytical needs across industries. Its robust cloud-based infrastructure ensures data integrity and high performance, positioning GenomeSync as a crucial tool for reliable, data-driven decision-making in the genomic era.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.895-905
• /
• 2024

Even now that the coronavirus pandemic has ended, collaboration tools that connect office work and remote work are showing high usage rates. These collaboration tools are related to sensitive data within an organization, and a lot of data is generated through the interactions of not only individuals but also members of various organizations. However, the generated data is structurally mixed, encrypted, or deleted or hidden through anti-forensic functions supported by collaboration tools. Digital investigations targeting collaboration tools require analysis methods to collect this data and obtain key data. In this paper, we explained how to collect and analyze data using Naver Works, a collaboration tool in the Windows environment.

• Analytical Science and Technology
• /
• v.33 no.2
• /
• pp.98-107
• /
• 2020

Methamphetamine (MA) is currently the most abused illicit drug in Korea. MA is produced by chemical synthesis, and the final target drug that is produced contains small amounts of the precursor chemicals, intermediates, and by-products. To identify and quantify these trace compounds in MA seizures, a practical and feasible approach for conducting chromatographic fingerprinting with a suite of traditional chemometric methods and recently introduced machine learning approaches was examined. This was achieved using gas chromatography (GC) coupled with a flame ionization detector (FID) and mass spectrometry (MS). Following appropriate examination of all the peaks in 71 samples, 166 impurities were selected as the characteristic components. Unsupervised (principal component analysis (PCA), hierarchical cluster analysis (HCA), and K-means clustering) and supervised (partial least squares-discriminant analysis (PLS-DA), orthogonal partial least squares-discriminant analysis (OPLS-DA), support vector machines (SVM), and deep neural network (DNN) with Keras) chemometric techniques were employed for classifying the 71 MA seizures. The results of the PCA, HCA, K-means clustering, PLS-DA, OPLS-DA, SVM, and DNN methods for quality evaluation were in good agreement. However, the tested MA seizures possessed distinct features, such as chirality, cutting agents, and boiling points. The study indicated that the established qualitative and semi-quantitative methods will be practical and useful analytical tools for characterizing trace compounds in illicit MA seizures. Moreover, they will provide a statistical basis for identifying the synthesis route, sources of supply, trafficking routes, and connections between seizures, which will support drug law enforcement agencies in their effort to eliminate organized MA crime.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.21-35
• /
• 2022

The use of digital information according to the development of information and communication technology and the 4th industrial revolution is continuously increasing and diversifying, and in proportion to this, crimes using digital information are also increasing. However, there are few cases of establishing an environment for processing and analysis of digital evidence in Korea. The budget allocated for each organization is different and the digital forensics laboratory built without solving the chronic problem of securing space has a problem in that there is no standard that can be referenced from the initial configuration stage. Based on this awareness of the problem, this thesis conducted an exploratory study focusing on tools and equipment necessary for building a digital forensics laboratory. As a research method, focus group interviews were conducted with 15 experts with extensive practical experience in the digital forensic laboratory or digital forensics field and experts' opinions were collected on the following 9 areas: network configuration, analyst computer, personal tools·equipment, imaging devices, dedicated software, open source software, common tools/equipment, accessories, and other considerations. As a result, a list of tools and equipment for digital forensic laboratories was derived.

• The KIPS Transactions:PartC
• /
• v.17C no.5
• /
• pp.391-398
• /
• 2010

Most of digital forensics tools focus on file analysis of allocated area on storage. So, there is a lack of recovery methods for deleted files by suspects or previously used files. To efficiently analyze deleted files, digital forensic tools depend on data recovery tools. These process not appropriate for quick and efficient responses the incident or integrity preservation. This paper suggests the framework for data recovery and analysis tools from digital forensics point of view and presents implementation results.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.59-66
• /
• 2017

MySQL database is the second place in the market share of the current database. Especially InnoDB storage engine has been used in the default storage engine from the version of MySQL5.5. And many companies are using the MySQL database with InnoDB storage engine. Study on the structural features and the log of the InnoDB storage engine in the field of digital forensics has been steadily underway, but for how to restore on a record-by-record basis for the deleted data, has not been studied. In the process of digital forensic investigation, database administrators damaged evidence for the purpose of destruction of evidence. For this reason, it is important in the process of forensic investigation to recover deleted record in database. In this paper, We proposed the method of recovering deleted data on a record-by-record in database by analyzing the structure of MySQL InnoDB storage engine. And we prove this method by tools. This method can be prevented by database anti forensic, and used to recover deleted data when incident which is related with MySQL InnoDB database is occurred.

• The Journal of Society for e-Business Studies
• /
• v.22 no.1
• /
• pp.107-122
• /
• 2017

Nowadays, digital forensic experts are not only computer experts who restore and find deleted files, but also general experts who posses various capabilities including knowledge about processes/laws, communication skills, and ethics. However, there have been few studies about qualifications or competencies required for digital forensic experts comparing with their importance. Therefore, in this study, AHP questionnaires were distributed to digital forensic experts and analyzed to derive priorities of competencies; the first-tier questions which consisted of knowledge, technology, and attitude, and the second-tier ones which have 20 items. Research findings showed that the most important competency was knowledge, followed by technology and attitude but no significant difference was found. Among 20 items of the second-tier competencies, the most important competency was "digital forensics equipment/tool program utilization skill" and it was followed by "data extraction and imaging skill from storage devices." Attitude such as "judgment," "morality," "communication skill," "concentration" were subsequently followed. The least critical one was "substantial law related to actual cases." Previous studies on training/education for digital forensics experts focused on law, IT knowledge, and usage of analytic tools while attitude-related competencies have not given proper attention. We hope this study can provide helpful implications to design curriculum and qualifying exam to foster digital forensic experts.