• Title/Summary/Keyword: Forensic investigation technology

Digital Forensic Investigation of HBase (HBase에 대한 디지털 포렌식 조사 기법 연구)

  • Park, Aran;Jeong, Doowon;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.95-104 / 2017
  • As smart-device technology grows and Social Network Services (SNS) become more common, the volume of data that is difficult to process with existing RDBMSs is increasing. As a result, NoSQL databases are becoming popular as an alternative for processing massive, unstructured data generated in real time. Demand for digital investigation techniques for NoSQL databases is increasing as more businesses introduce NoSQL databases into their systems, although research on database forensics has centered on RDBMS. New digital forensic investigation techniques are needed because a NoSQL database has no schema to normalize and its storage method differs depending on the type of database and the operating environment. Research has been done on document-based NoSQL databases, but it is not directly applicable to other types of NoSQL database. This paper therefore presents, for HBase, a column-based NoSQL database: its operation and data model, how to identify the operating environment, the collection and analysis of artifacts, and a technique for recovering deleted data. The proposed digital forensic investigation technique for HBase is also verified with an experimental scenario.

Preliminary study for aging of latent fingerprints on nonporous substrate

  • Nam Yee Kim;Woo-Yong Park;Jong Shin Park;Yuna Kim;Hee Sook Kim
    • Analytical Science and Technology / v.36 no.2 / pp.80-88 / 2023
  • Fingerprints play a crucial role in the identification of potential suspects in criminal cases. However, determining the actual time, i.e., the time at which the fingermark was deposited, is challenging. Herein, we investigated the persistence and aging of fingerprints over time by observing the time evolution of latent fingerprints on a polystyrene box stored in a dark room. Fingerprint samples that were stored for up to two years could be detected with maximum accuracy using a black iron-oxide-based emulsion (black emulsion). To estimate the time of fingerprint deposition, fingerprint aging was studied by analyzing the lipid components of the fingerprints after their development. Cholesterol and squalene were selected as indicators of fingerprint aging, and their ratio was estimated to assess aging. In the case of fingerprint samples stored in a dark room for up to one month after deposition, the cholesterol/squalene ratio was approximately 0.01; it increased gradually to ≥ 0.1 over six months. A substantial reduction in the levels of cholesterol and squalene from the initial levels was also noted. Cholesterol and squalene were not detected after one year of storage. Thus, the extent of aging could be determined by analyzing the aging indicators for up to six months. Two cases that could cause error in the estimation of the fingerprint deposition time, namely, heating of the fingerprint sample before development and storage of the developed fingerprints in a dark room, were also investigated.

A New Investigation Methodology of Marine Casualties and Incidents using Digital Forensic Techniques (디지털 포렌식 기법을 이용한 해양사고 조사 방법론)

  • Baek, Myeong-Hun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.3 / pp.515-530 / 2013
  • The results of investigations into marine incidents have become an important basis in determining not only possible causes, but also the extent of negligence between the perpetrator and victim. However, marine incidents occur under special circumstances i.e. the marine environment, and this leads to difficulties in identifying causes due to problems in scene preservation, reenactment and acquisition of witnesses. Given the aforementioned characteristic of marine incidents, the International Convention for the Safety of Life at Sea (SOLAS) has adopted mandatory regulations on the carriage of Voyage Data Recorders (VDRs) and Automatic Identification Systems (AIS) for ships of a certain gross tonnage and upwards, so as to reflect recent developments in radio communication and marine technology. Adopted to provide an international standard for investigations and to promote cooperation, the Code of the International Standards and Recommended Practices for a Safety Investigation into a Marine Casualty or Marine Incident (Casualty Investigation Code) recommends member states to build capacity for analysis of VDR data. Against this backdrop, this paper presents methods for efficient investigations into the causes behind marine incidents based on data analysis of VDR, which serves as the black box of ships, as well as digital forensic techniques.

A Study on Digital Forensic Techniques for iPad (아이패드 조사를 위한 디지털 포렌식 기법)

  • Lee, Keun-Gi;Lee, Chang-Hoon;Lee, Sang-Jin
    • Journal of Advanced Navigation Technology / v.15 no.5 / pp.887-892 / 2011
  • The iPad has recently been released, and user interest in new portable devices is increasing. As the market grows, experts forecast an increase in investigations involving tablet PCs. However, iPad forensics is very difficult with existing smartphone forensic software; in particular, that software cannot analyze Korean mobile applications. This paper describes collection and analysis techniques for the iPad.

A study on preparation of luminol reagents for crime scene investigation (범죄현장 조사용 루미놀 시약의 제조법에 관한 연구)

  • Lim, Seung;Kim, Jung-mok;Jung, Ju Yeon;Lim, Si-Keun
    • Analytical Science and Technology / v.31 no.1 / pp.47-56 / 2018
  • Finding the blood left at a crime scene is very important to reconstruct or solve a criminal case. Although numerous reagents have been developed for use at crime scenes, luminol is the most representative. Bluestar Forensic has been used in recent years, but is expensive and cannot be stored after preparation. This study aims to develop a new luminol reagent that can be stored for a long period of time while maintaining the chemiluminescence intensity at the level of Bluestar Forensic. Because luminol dissolves well in aqueous alkaline solutions, the use of sodium hydroxide in the preparation of luminol reagents can promote the decomposition of hydrogen peroxide. Magnesium sulfate, sodium silicate, and potassium triphosphate have been used as hydrogen peroxide stabilizers. The effects of the addition of these substances on the chemiluminescence emission intensity and the storage period of the luminol reagents were confirmed. The addition of a hydrogen peroxide stabilizer was shown to have no significant effect on the chemiluminescence emission intensity or stabilized pH of the luminol reagent during storage. It also greatly increases the shelf life of the reagents. The use of magnesium sulfate as a hydrogen peroxide stabilizer is the most appropriate. When sodium perborate is used instead of hydrogen peroxide as an oxidizing agent, there is no significant change in the sensitivity and chemiluminescence emission intensity, but the storage period is shortened. However, after the reaction with blood, the pH of the mixed solution does not increase significantly, and is judged to be more suitable than a reagent made of hydrogen peroxide.

Natural isotopes and trace element analyses in glass samples (판유리 시료에서 동위원소 및 미량원소 분석법)

  • Min, Ji-Sook;Heo, Sangcheol;Kim, Jae-Guin;Kim, Eun-Ho;Kim, Dong-Wook;Chung, Hee-Sun
    • Analytical Science and Technology / v.20 no.3 / pp.219-226 / 2007
  • Glass is frequently encountered among the types of material submitted to forensic science laboratories as a result of trace evidence transfers. The repeatability and the reproducibility of trace element analysis were presented. An analysis of variance (ANOVA) was performed on laser ablation inductively coupled plasma spectrometric analyses of the fragments to identify the source. Pairwise comparisons were completed for all samples. In a pairwise comparison, each sample was compared with every other, for a possible n(n-1)/2 total comparisons (n: number of samples), to associate/discriminate samples using Tukey's HSD method. The aim of this study was to determine the utility of LA-ICP-MS for multi-element analysis of forensic samples. The 12 glass fragments from two manufacturers were collected and analyzed to identify the source. An analysis of variance (ANOVA) was performed on 31 elements in NIST 612 Trace elements in Glass. Elements were classified into four categories defined by the combination of precision and variation of inter-samples. We selected 11 elements, 209Bi, 90Zr, 121Sb, 178Hf, 59Co, 238U, 208Pb, 140Ce, 118Sn, 49Ti and 137Ba. 6 pairs out of 66 possible pairs were not distinguished when compared by 137Ba (p<0.05). However, all samples were distinguished using both 49Ti and 137Ba (p<0.05). In conclusion, multi-elemental analysis with LA-ICP-MS is a potential technique for the discrimination of forensic samples.

Method of Digital Forensic Investigation of Docker-Based Host (도커 기반 호스트에 대한 디지털 포렌식 조사 기법)

  • Kim, Hyeon Seung;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.75-86 / 2017
  • Docker, one of the various virtualization technologies used in server systems, is becoming popular because it provides a more lightweight environment for service operation than existing virtualization technology. With its image and container concepts, it makes it easy to establish, update, and migrate server environments. As adoption of Docker increases, the motive to attack servers that distribute Docker images and the number of incidents involving attacks on Docker-based hosts would also increase. This paper therefore presents a method and procedure for digital forensic investigation of a Docker-based host, including a way to extract the filesystem of containers when the Docker daemon is inactive.

Condition assessment of fire affected reinforced concrete shear wall building - A case study

  • Mistri, Abhijit;Pa, Robin Davis;Sarkar, Pradip
    • Advances in concrete construction / v.4 no.2 / pp.89-105 / 2016
  • A post-fire investigation is conducted on a fire-affected reinforced concrete shear wall building to ascertain the level of its strength degradation due to the fire incident. The fire took place in a three-storey building made of reinforced concrete shear walls and roof, with operating floors made of steel beams and chequered plates. The building is used to handle explosives. The elevated temperature during the fire is estimated to be $350^{\circ}C$ based on visual inspection. Destructive (core extraction) and non-destructive (rebound hammer and ultrasonic pulse velocity) tests are conducted to evaluate the concrete strength. X-ray diffraction (XRD) and Field Emission Scanning Electron Microscopy (FESEM) are used for analyzing microstructural changes of the concrete due to fire. Tests are conducted for concrete walls and roof slab at both burnt and unburnt locations. The analysis of test results reveals no significant degradation of the building after the fire, which signifies that the structure can be used with full expectancy of performance for the remaining service life. This document can be used as a reference for future forensic investigations of similar fire-affected concrete structures.

Cold Boot Attack on Encrypted Containers for Forensic Investigations

  • Twum, Frimpong;Lagoh, Emmanuel Mawuli;Missah, Yaw;Ussiph, Najim;Ahene, Emmanuel
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.9 / pp.3068-3086 / 2022
  • Digital forensics is gaining popularity in the adjudication of criminal cases as the use of electronic gadgets in committing crime has risen. The traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM while the computer is running. An approach to acquiring forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cool the RAM and transplant it into a host computer provisioned with a tool, developed on the cold boot concept, to acquire the RAM image. Comparison of the data obtained from the acquired image with the data loaded into memory shows that the RAM chips exhibit some level of remanence, which allows their content to persist after shutdown, contrary to the accepted knowledge that RAM loses its content as soon as power is cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed that at a reduced temperature of -25℃, the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively, whereas at an operating temperature of 25℃, there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature, while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.