• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.135-152
• /
• 2016

Because of the evolution of mobile devices such as smartphone, the necessity of mobile forensics is increasing. In spite of this necessity, the mobile forensics does not fully reflect the characteristic of the mobile device. For this reason, this paper analyzes the legal, institutional, and technical considerations for figuring out facing problems of mobile forensics. Trough this analysis, this study discuss the limits of screening seizure on the mobile device. Also, analyzes and verify the mobile forensic data acquisition methods and tools for ensuring the admissibility of mobile forensic evidence in digital investigation.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.11
• /
• pp.101-105
• /
• 2012

Various social problems through violating personal information and privacy are growing with the rapid spread of smartphones. For this reason, variety of researches and technology developments to protect personal information being made. The smartphone, contains almost all of the personal information, can cause data spill at any time. Collecting or analyzing evidence is not an easy job with forensic analyzing tool. Android forensics research has been focused on techniques to collect and analyze data from non-volatile memory but research for volatile data is very slight. Android log is the non-volatile data that can be collected by volatile storage. It is enough to use as a material to track the usage of the Android phone because all of the recent driven records from system to application are stored. In this paper, we propose a method to respond to determining the existence of personal information leakage by filtering logs without forensic analysis tools.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.10
• /
• pp.115-121
• /
• 2022

In this paper, we analyze trends in the use of mobile forensic technology, focusing on cases where mobile forensics are used, and we predict the development of future mobile forensics technology using linear regression used in future prediction models. For the current status and outlook analysis, we extracted a total of 8 variables by analyzing 1,397 domestic and foreign mobile forensics-related cases and newspaper articles. We analyzed the prospects for each variable using the year of occurrence as an independent variable, seven variables such as text (text message usage information), communication information (cell phone communication information), Internet usage information, messenger usage information, stored files, GPS, and others as dependent variables. As a result of the analysis, among various aspects of the use of mobile devices, the use of Internet usage information, messenger usage information, and data stored in mobile devices is expected to increase. Therefore, it is expected that continuous research on technologies that can effectively extract and analyze characteristic information of mobile devices such as file systems, the Internet, and messengers will be needed As mobile devices increase performance and utilization in the future and security technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.671-685
• /
• 2023

By applying artificial intelligence to image editing technology, it has become possible to generate high-quality images with minimal traces of manipulation. However, since these technologies can be misused for criminal activities such as dissemination of false information, destruction of evidence, and denial of facts, it is crucial to implement strong countermeasures. In this study, image file and mobile forensic artifacts analysis were conducted for detecting image manipulation. Image file analysis involves parsing the metadata of manipulated images and comparing them with a Reference DB to detect manipulation. The Reference DB is a database that collects manipulation-related traces left in image metadata, which serves as a criterion for detecting image manipulation. In the mobile forensic artifacts analysis, packages related to image editing tools were extracted and analyzed to aid the detection of image manipulation. The proposed methodology overcomes the limitations of existing graphic feature-based analysis and combines with image processing techniques, providing the advantage of reducing false positives. The research results demonstrate the significant role of such methodology in digital forensic investigation and analysis. Additionally, We provide the code for parsing image metadata and the Reference DB along with the dataset of manipulated images, aiming to contribute to related research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1397-1404
• /
• 2017

When a digital forensic investigation is conducted on a damaged storage medium, recovery is performed using a recovery tool. But the result of each recovery tool is different depending on the tools. Therefore, it is necessary to identify and use the performance and limitations of the tool for accurate investigation. In this paper, we propose a scenario considering the disk recognition type such as MBR, GPT and the structural characteristics of FAT32 and NTFS filesystem to verify the performance of the partition recovery tool. And then We validate the existing tools with the data set built on the scenarios.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.893-906
• /
• 2023

Awareness that smartphones can be used as tools for criminal activity is prevalent in many organizations, but the functionally smartphone-like smartwatch's potential as a criminal tool is being overlooked. Considering this situation, this research verifies the possibility of information leakage through an insider's smartwatch in a situation where smartphones are controlled by security regulations and technologies, but smart watch are not. By analyzing information related application usage and Wi-Fi connection generated in the smartwatch during the verification process, forensic information and limitations are identified. Finally, this research proposes preventive methods to prepare for potential smartwatch-related crimes, and reconsiders awareness of the possibility of using smartwatches as criminal tools.

• Journal of the Korean Magnetic Resonance Society
• /
• v.17 no.1
• /
• pp.1-10
• /
• 2013

Metabolomics is the study which detects the changes of metabolites level. Metabolomics is a terminal view of the biological system. The end products of the metabolism, metabolites, reflect the responses to external environment. Therefore metabolomics gives the additional information about understanding the metabolic pathways. These metabolites can be used as biomarkers that indicate the disease or external stresses such as exposure to toxicant. Many kinds of biological samples are used in metabolomics, for example, cell, tissue, and bio fluids. NMR spectroscopy is one of the tools of metabolomics. NMR data are analyzed by multivariate statistical analysis and target profiling technique. Recently, NMR-based metabolomics is a growing field in various studies such as disease diagnosis, forensic science, and toxicity assessment.

• Imaging Science in Dentistry
• /
• v.50 no.2
• /
• pp.153-159
• /
• 2020

Purpose: This study was conducted evaluate the influence of reconstruction parameters of micro-computed tomography (micro-CT) images on bone mineral density (BMD) analyses. Materials and Methods: The sample consisted of micro-CT images of the maxillae of 5 Wistar rats, acquired using a SkyScan 1174 unit (Bruker, Kontich, Belgium). Each acquisition was reconstructed following the manufacturer's recommendations(standard protocol; SP) for the application of artifact correction tools(beam hardening correction [BHC], 45%; smoothing filter, degree 2; and ring artifact correction [RAC], level 5). Additionally, images were reconstructed with 36 protocols combining different settings of artifact correction tools (P0 to P35). BMD analysis was performed for each reconstructed image. The BMD values obtained for each protocol were compared to those obtained using the SP through repeated-measures analysis of variance with the Dunnett post hoc test(α=0.05). Results: The BMD values obtained from all protocols that used a BHC of 45% did not significantly differ from those obtained using the SP (P>0.05). The other protocols all yielded significantly different BMD values from the SP(P<0.05). The smoothing and RAC tools did not affect BMD values. Conclusion: BMD values measured on micro-CT images were influenced by the BHC level. Higher levels of BHC induced higher values of BMD.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.223-230
• /
• 2013

Recently, a large number of corporations are adopting cloud solution in order to reduce IT-related costs. By the way, Digital Trace should have admissibility to be accepted as digital evidence in court, and integrity is one of the factors for admissibility. In this context, this research implemented integrity verification test to VM Data which was collected by well-known private cloud solutions such as Citrix, VMware, and MS Hyper-V. This paper suggests the effective way to verify integrity of VM data collected in private cloud computing environment based on the experiment and introduces the error that EnCase fails to mount VHD (Virtual Hard Disk) files properly.