• Title/Summary/Keyword: Forensics


Digital Forensic Investigation on Social Media Platforms: A Survey on Emerging Machine Learning Approaches

  • Abdullahi Aminu Kazaure;Aman Jantan;Mohd Najwadi Yusoff
    • Journal of Information Science Theory and Practice / v.12 no.1 / pp.39-59 / 2024
  • An online social network is a platform that is continuously expanding, which enables groups of people to share their views and communicate with one another using the Internet. The social relations among members of the public are significantly improved because of this gesture. Despite these advantages and opportunities, criminals are continuing to broaden their attempts to exploit people by making use of techniques and approaches designed to undermine and exploit their victims for criminal activities. The field of digital forensics, on the other hand, has made significant progress in reducing the impact of this risk. Even though most of these digital forensic investigation techniques are carried out manually, most of these methods are not usually appropriate for use with online social networks due to their complexity, growth in data volumes, and technical issues that are present in these environments. In both civil and criminal cases, including sexual harassment, intellectual property theft, cyberstalking, online terrorism, and cyberbullying, forensic investigations on social media platforms have become more crucial. This study explores the use of machine learning techniques for addressing criminal incidents on social media platforms, particularly during forensic investigations. In addition, it outlines some of the difficulties encountered by forensic investigators while investigating crimes on social networking sites.

A Study on Data Acquisition and Analysis Methods for Mac Memory Forensics (macOS 메모리 포렌식을 위한 데이터 수집 및 분석 방법에 대한 연구)

  • Jung Woo Lee;Dohyun Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.179-192 / 2024
  • macOS presents challenges for memory data acquisition due to its proprietary system architecture, closed-source kernel, and security features such as System Integrity Protection (SIP), which are exclusive to Apple's product line. Consequently, conventional memory acquisition tools are often ineffective or require system rebooting. This paper analyzes the status and limitations of existing memory forensics research and tools related to macOS. We investigate methods for memory acquisition and analysis across various macOS versions. Our findings include the development of a practical memory acquisition and analysis process for digital forensic investigations utilizing OSXPmem and dd tools for memory acquisition without system rebooting, and Volatility 2, 3 for memory data analysis.

A Study on Data Collection and Analysis of NaverWorks Collaboration Tool from a Digital Forensics Perspective (디지털포렌식 관점에서의 협업 도구 네이버웍스의 데이터 수집 및 분석 연구)

  • Hangyeol Kim;Dabin We;Myungseo Park
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.895-905 / 2024
  • Even now that the coronavirus pandemic has ended, collaboration tools that connect office work and remote work are showing high usage rates. These collaboration tools are related to sensitive data within an organization, and a lot of data is generated through the interactions of not only individuals but also members of various organizations. However, the generated data is structurally mixed, encrypted, or deleted or hidden through anti-forensic functions supported by collaboration tools. Digital investigations targeting collaboration tools require analysis methods to collect this data and obtain key data. In this paper, we explained how to collect and analyze data using Naver Works, a collaboration tool in the Windows environment.

A Study on the Usage of Investigation of Google Cloud Data (Smartphone user-oriented) (구글 클라우드 데이터의 수사활용 방안에 관한 연구 (스마트폰 사용자 중심))

  • Kim, Dongho;Lee, Sangjin
    • Journal of Digital Forensics / v.12 no.3 / pp.109-120 / 2018
  • The smartphone is the communication device that is the most personal to the user, and it keeps a lot of information related to the user and communicates information with other devices. With these characteristics, forensics on smartphones is one of the most basic methods of investigation in criminal investigations, and has actually contributed to the settlement of cases by providing many clues. However, recently, as a social issue related to the protection of users' personal information, devices are designed to encrypt stored data, or to delete deleted data or log data together. So, any solutions? In this paper, I try to find the answer in cloud data stored by the smartphone user's account. Cloud forensics should be approached as a complementary relationship rather than as smartphone forensics. There are a lot of data stored in the cloud that can be meaningfully used in the investigation. Online activity information of users, such as Internet usage, YouTube views, and content purchase information, cloud services such as e-mail and cloud drive, and location information are the most representative data. These data can be unvaluable, but here are some important clues in various types of criminal investigations. In this paper, I propose a method to extract data from Google Cloud so that the data can be used for investigation, and to utilize the extracted data for investigation. It also explains the role of the extracted artifacts in actual investigation work through virtual cases and proves its value.

An Efficient Method of Forensics Evidence Collection at the Time of Infringement Occurrence (호스트 침해 발생 시점에서의 효율적 Forensics 증거 자료 수집 방안)

  • Choi Yoon-Ho;Park Jong-Ho;Kim Sang-Kon;Kang Yu;Choe Jin-Gi;Moon Ho-Gun;Rhee Myung-Su;Seo Seung-Woo
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.4 / pp.69-81 / 2006
  • Computer Forensics is a research area that finds malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. Much research on Computer Forensics has been done so far. But that research has focused on how to collect the forensic evidence for both analysis and proofs after receiving the intrusion or infringement reports of hosts from computer users or network administrators. In this paper, we describe how to collect forensic evidence of good quality from observable and protective hosts at the time of infringement occurrence by malicious users. By correlating the event logs of Intrusion Detection Systems (IDSes) and hosts with the configuration information of hosts periodically, we calculate the value of infringement severity that implies the real infringement possibility of the hosts. Based on this severity value, we selectively collect the evidence for proofs at the time of infringement occurrence. As a result, we show that we can minimize the information damage of the evidence for both analysis and proofs, and reduce the amount of data which is used to analyze the degree of infringement severity.

A Study on Elemental Technology Identification of Sound Data for Audio Forensics (오디오 포렌식을 위한 소리 데이터의 요소 기술 식별 연구)

  • Hyejin Ryu;Ah-hyun Park;Sungkyun Jung;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.115-127 / 2024
  • The recent increase in digital audio media has greatly expanded the size and diversity of sound data, which has increased the importance of sound data analysis in the digital forensics process. However, the lack of standardized procedures and guidelines for sound data analysis has caused problems with the consistency and reliability of analysis results. The digital environment includes a wide variety of audio formats and recording conditions, but current audio forensic methodologies do not adequately reflect this diversity. Therefore, this study identifies Life-Cycle-based sound data elemental technologies and provides overall guidelines for sound data analysis so that effective analysis can be performed in all situations. Furthermore, the identified elemental technologies were analyzed for use in the development of digital forensic techniques for sound data. To demonstrate the effectiveness of the life-cycle-based sound data elemental technology identification system presented in this study, a case study on the process of developing an emergency retrieval technology based on sound data is presented. Through this case study, we confirmed that the elemental technologies identified based on the Life-Cycle in the process of developing digital forensic technology for sound data ensure the quality and consistency of data analysis and enable efficient sound data analysis.

The analysis of Windows 7·8 IconCache.db and its application (Windows 7·8 IconCache.db 파일 포맷 분석 및 활용방안)

  • Lee, Chan-Youn;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.135-144 / 2014
  • Since anti-forensics have been developed in order to avoid digital forensic investigation, forensic methods for analyzing anti-forensic behaviors have been studied in various aspects. Among the factors for user activity analysis, "IconCache.db" files, which hold the icon information of applications, provide meaningful information for digital forensic investigation. This paper illustrates the features of IconCache.db files and suggests countermeasures against anti-forensics utilizing them.

The Development of Anti-Forensic Tools for Android Smartphones (안드로이드 스마트폰을 위한 앤티-포렌식 도구 개발)

  • Moon, Phil-Joo
    • The Journal of the Korea institute of electronic communication sciences / v.10 no.1 / pp.95-102 / 2015
  • The smartphone is very useful in the real world, but it has also been exposed to a lot of crime committed by smartphone. In addition, attempts occur to delete data from smartphone memory using anti-forensic tools. In this paper, we implement an anti-forensic tool used on Android. In addition, we test the availability of the anti-forensic tool with the Oxygen Forensic Suite, a commercial forensic tool.

A Study on Analysis of Digital Forensics Research Trends (디지털 포렌식 연구동향 분석에 관한 연구)

  • Ryu, Bora;Jeon, Minseo;Na, Onechul;Chang, Hangbae
    • Annual Conference of KIPS / 2017.04a / pp.306-308 / 2017
  • In today's society, where the use of digital information has become commonplace, investigations and trials have also changed greatly. Digital materials must be used to resolve the legal issues arising from people's actions, and in industrial security investigations in particular, digital data are indispensable, because most technology leakage incidents occur through digital means such as removable storage media or networks. As the importance of digital evidence grows day by day, scientific and objective procedures are required for it to be recognized as admissible evidence. However, compared with the technical and analytical capabilities for handling the exponentially growing volume of digital evidence, the establishment of laws and institutions related to digital forensics is still lacking. This study aims to identify research trends related to digital forensics and provide objective data for promoting research.

Usage of System Restore Point in Digital Forensics (포렌식 관점에서의 시스템 복원지점 활용 방안)

  • Yun, Sun-Mi;Lee, Seok-Hee;Lee, Sang-Jin
    • Proceedings of the Korean Society of Broadcast Engineers Conference / 2008.02a / pp.55-58 / 2008
  • In the digital evidence analysis stage, an investigator can discover relevant evidence by inferring from the suspect's system which applications were executed, or whether malicious programs were installed, on the date and time of the incident. However, most offenders destroy evidence by deleting the installation and usage information of specific programs from the target system in order to deny the charges. The field concerned with techniques or tools that obstruct digital forensic investigation in this way is called anti-forensics. As digital forensic techniques advance in response to the increase in cybercrime, anti-forensic techniques for leaving no trace of crime are advancing as well. To counter such anti-forensics, this paper presents an evidence detection method that uses system restore points when traces such as program use or installation have been deleted from the system. It also explains a realistic scenario as an example and presents a plan for developing a tool that can be useful in investigations.