• Title/Summary/Keyword: Forensic Tools

Search Result 68, Processing Time 0.022 seconds

The Recovery of the Deleted Certificate and the Detection of the Private-Key Encryption Password (삭제된 공인인증서의 복구 및 개인키 암호화 패스워드의 검출)

  • Choi, Youn-Sung;Lee, Young-Gyo;Lee, Yun-Ho;Park, Sang-Joon;Yang, Hyung-Kyu;Kim, Seung-Joo;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.41-55
    • /
    • 2007
  • The certificate is used to confirm and prove the user's identity in online finance and stocks business. A user's public key is stored in the certificate(for e.g., SignCert.der) and the private key, corresponding to public key, is stored in the private key file(for e.g., SignPri.key) after encryption using the password that he/she created for security. In this paper, we show that the certificate, deleted by the commercial certificate software, can be recovered without limitation using the commercial forensic tools. In addition, we explain the problem that the private key encryption password can be detected using the SignCert.der and the SignPri.key in off-line and propose the countermeasure about the problem.

VMProtect Operation Principle Analysis and Automatic Deobfuscation Implementation (VMProtect 동작원리 분석 및 자동 역난독화 구현)

  • Bang, Cheol-ho;Suk, Jae Hyuk;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.605-616
    • /
    • 2020
  • Obfuscation technology delays the analysis of a program by modifying internal logic such as data structure and control flow while maintaining the program's functionality. However, the application of such obfuscation technology to malicious code frequently occurs to reduce the detection rate of malware in antivirus software. The obfuscation technology applied to protect software intellectual property is applied to the malicious code in reverse, which not only lowers the detection rate of the malicious code but also makes it difficult to analyze and thus makes it difficult to identify the functionality of the malicious code. The study of reverse obfuscation techniques that can be closely restored should also continue. This paper analyzes the characteristics of obfuscated code with the option of Pack the Output File and Import Protection among detailed obfuscation technologies provided by VMProtect 3.4.0, a popular tool among commercial obfuscation tools. We present a de-obfuscation algorithm.

Comparison of Remaining Data According to Deletion Events on Microsoft SQL Server (Microsoft SQL Server 삭제 이벤트의 데이터 잔존 비교)

  • Shin, Jiho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.223-232
    • /
    • 2017
  • Previous research on data recovery in Microsoft SQL Server has focused on restoring data based on in the transaction log that might have deleted records exist. However, there was a limit that was not applicable if the related transaction log did not exist or the physical database file was not connected to Server. Since the suspect in the crime scene may delete the data records using a different deletion statements besides "delete", we need to check the remaining data and a recovery possibility of the deleted record. In this paper, we examined the changes "Page Allocation information" of the table, "Unallocation deleted data", "Row Offset Array" in the page according to "delete", "truncate" and "drop" events. Finally it confirmed the possibility of data recovery and availability of management tools in Microsoft SQL Server digital forensic investigation.

Nonlinear modeling of beam-column joints in forensic analysis of concrete buildings

  • Nirmala Suwal;Serhan Guner
    • Computers and Concrete
    • /
    • v.31 no.5
    • /
    • pp.419-432
    • /
    • 2023
  • Beam-column joints are a critical component of reinforced concrete frame structures. They are responsible for transferring forces between adjoining beams and columns while limiting story drifts and maintaining structural integrity. During severe loading, beam-column joints deform significantly, affecting, and sometimes governing, the overall response of frame structures. While most failure modes for beam and column elements are commonly considered in plastic-hinge-based global frame analyses, the beam-column joint failure modes, such as concrete shear and reinforcement bond slip, are frequently omitted. One reason for this is the dearth of published guidance on what type of hinges to use, how to derive the joint hinge properties, and where to place these hinges. Many beam-column joint models are available in literature but their adoption by practicing structural engineers has been limited due to their complex nature and lack of practical application tools. The objective of this study is to provide a comparative review of the available beam-column joint models and present a practical joint modeling approach for integration into commonly used global frame analysis software. The presented modeling approach uses rotational spring models and is capable of modeling both interior and exterior joints with or without transverse reinforcement. A spreadsheet tool is also developed to execute the mathematical calculations and derive the shear stress-strain and moment-rotation curves ready for inputting into the global frame analysis. The application of the approach is presented by modeling a beam column joint specimen which was tested experimentally. Important modeling considerations are also presented to assist practitioners in properly modeling beam-column joints in frame analyses.

Usefulness of Data Mining in Criminal Investigation (데이터 마이닝의 범죄수사 적용 가능성)

  • Kim, Joon-Woo;Sohn, Joong-Kweon;Lee, Sang-Han
    • Journal of forensic and investigative science
    • /
    • v.1 no.2
    • /
    • pp.5-19
    • /
    • 2006
  • Data mining is an information extraction activity to discover hidden facts contained in databases. Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results. Typical applications include market segmentation, customer profiling, fraud detection, evaluation of retail promotions, and credit risk analysis. Law enforcement agencies deal with mass data to investigate the crime and its amount is increasing due to the development of processing the data by using computer. Now new challenge to discover knowledge in that data is confronted to us. It can be applied in criminal investigation to find offenders by analysis of complex and relational data structures and free texts using their criminal records or statement texts. This study was aimed to evaluate possibile application of data mining and its limitation in practical criminal investigation. Clustering of the criminal cases will be possible in habitual crimes such as fraud and burglary when using data mining to identify the crime pattern. Neural network modelling, one of tools in data mining, can be applied to differentiating suspect's photograph or handwriting with that of convict or criminal profiling. A case study of in practical insurance fraud showed that data mining was useful in organized crimes such as gang, terrorism and money laundering. But the products of data mining in criminal investigation should be cautious for evaluating because data mining just offer a clue instead of conclusion. The legal regulation is needed to control the abuse of law enforcement agencies and to protect personal privacy or human rights.

  • PDF

A Study on the Possibility for Incident Investigation Using PLC Logs (PLC 로그의 사고조사 활용 가능성에 관한 연구)

  • Chang, Yeop;Kim, Taeyeon;Kim, Woo-Nyon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.745-756
    • /
    • 2020
  • An ICS(industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by national state. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on the deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed logging capability of 4 PLC(Programmable Logic Controller)s widely used in an ICS area, and checked whether selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

Comparison of Optimal Storage Temperature and Collection Reagents for Living Bacterial Cells in Swab Samples (면봉시료에서 세균의 보존을 위한 최적 보관 온도와 채취 시약의 비교)

  • Lee, Yeong Ju;You, Hee Sang;Lee, Song Hee;Lee, So Lip;Lee, Han;Sung, Ho Joong;Kang, Hee Gyoo;Hyun, Sung Hee
    • Korean Journal of Clinical Laboratory Science
    • /
    • v.53 no.4
    • /
    • pp.326-332
    • /
    • 2021
  • Swabs are useful and common sampling tools in various research fields, such as medicine, ecology, biotechnology, forensic medicine, and pollutant monitoring systems. Collection reagents are one of the essential components in sampling. It is important to develop a sample collection kit and designate an appropriate storage temperature because samples need to be stored for a long time. The purpose of this study was to identify the effects of three collection reagents and three storage temperatures on the recovery of living bacteria without media. We selected Escherichia coli and Staphylococcus aureus as representative environmental bacteria. Distilled water (DW), phosphate buffered saline (PBS), and Tris-EDTA (TE) buffer were used as collection reagents and stored at 22℃, 4℃, and -70℃ after sampling. The results of using each collection reagent and storage temperature on the bacteria were compared using relative light units (RLU) and the number of colony forming units (CFU). When using -70℃ storage temperature and the TE buffer, the number of living bacteria and the RLU values remained constant. It is therefore recommended that the sample be stored at -70℃ immediately after collection and a TE buffer solution be used as the collection reagent.

Recidivism prediction of sex offender risk assessment tools: STATIC-99 and HAGSOR-Dynamic (교정시설내 성범죄자 재범위험성 평가도구의 재범 예측: STATIC-99와 HAGSOR-동적요인을 중심으로)

  • Yoon, Jeongsook
    • Korean Journal of Forensic Psychology
    • /
    • v.13 no.2
    • /
    • pp.99-119
    • /
    • 2022
  • Research on sex offense has shown that sex offenders are very heterogeneous. Sex offenders are heterogeneous in their probability of risk of recidivism. Some sex offenders are known to be much higher in their tendencies to reactivate than others. The study examined the predictive and explanatory power of static and dynamic risk factors in STATIC-99 and HAGSOR-Dynamic which have been used in Korean correctional facilities since 2014. STATIC-99 and HAGSOR-Dynamic showed moderate predictive accuracy for all crimes(AUC = .737, AUC = .597, respectively, ps < .001). However, when examining sex crime alone, only STATIC-99 predicted recidivism significantly(AUC = .743, p < .001). The incremental predictive power of HAGSOR-Dynamic was confirmed; the explanatory power of Model 2 comprising both static and dynamic risk factors were significant beyond Model 1 comprising only static factors(∆χ2= 12.721, p < .001), but this tendency was only applied to the model of all crimes. These findings were discussed with implications of practicing the sex offender assessment and treatment.