• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.777-785
• /
• 2016

IM(Instant Messenger) chatting service can carry user's various information including life style, geographical position, and psychology & crime history and thus forensic analysis on the IM service is desirable. But, forensic analysis for KakaoTalk's chatting service is not well studied yet. For this reason, we study KakaoTalk's forensic analysis focusing on chatting service. This paper first details a general method of IM forensics investigating the previous articles about IM forensics although there are not many articles. Second, we discuss methodologies for IM forensics wherein we present analysis of table structure and method for reconstruction of chatting message. These result in the basic element of forensic tools of KakaoTalk chatting message. Last, we compare artifacts of KakaoTalk with that of WhatsApp. We conclude that these applications are, at least, different in that table structures and the ways to reconstruct chatting messages are not same and therefore digital evidences or artifacts are not same and somewhat distinct.

• The Journal of Society for e-Business Studies
• /
• v.17 no.3
• /
• pp.117-128
• /
• 2012

There was a large scale of DDoS(Distributed Denial of Service) attacks mostly targeted at Korean government web sites and cooperations's on March 4, 2010(3.4 DDoS attack) after 7.7 DDoS on July 7, 2009. In these days, anyone can create zombie PCs to attack someone's website with malware development toolkits and farther more improve their knowledge of hacking skills as well as toolkits because it has become easier to obtain these toolkits on line, For that trend, it has been difficult for computer security specialists to counteract DDoS attacks. In this paper, we will introduce an essential control list to prevent malware infection with live forensics techniques after analysis of monitoring network systems and PCs. Hopefully our suggestion of how to coordinate a security monitoring system in this paper will give a good guideline for cooperations who try to build their new systems or to secure their existing systems.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.137-146
• /
• 2007

Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics Protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, my lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

• KSCI Review
• /
• v.15 no.1
• /
• pp.209-217
• /
• 2007

Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, may lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.143-151
• /
• 2008

74% of Internet users use the UCC, and You Tube using firearms in a crime occurred. Internet crime occurred in the online, non-face transaction, anonymous, encapsulation. In this paper, we are studied a Network Forensic Way and a technique analyze an aspect criminal the Internet haying appeared at Internet UCC, and to chase. Study ID, IP back-tracking and position chase through corroborative facts collections of the UCC which used UCC search way study of the police and a public prosecutor and storage way and network forensic related to crimes of Internet UCC. Proof data encrypt, and store, and study through approach control and user authentication so that they are adopted to legal proof data through integrity verification after transmission and storages. This research via the Internet and criminal conspiracy to block the advance promotion, and for the criminal investigative agencies of the Internet will contribute to the advancement forensics research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.285-294
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.345-352
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Nuclear Engineering and Technology
• /
• v.50 no.6
• /
• pp.820-828
• /
• 2018

The growing nuclear threat has amplified the need for developing diverse and accurate nuclear forensics analysis techniques to strengthen nuclear security measures. The work presented here is part of a research effort focused on developing a methodology for reactor-type discrimination of weapons-grade plutonium. To verify the developed methodology, natural $UO_2$ fuel samples were irradiated in a thermal neutron spectrum at the University of Missouri Research Reactor (MURR) and produced approximately $20{\mu}g$ of weapons-grade plutonium test material. Radiation transport simulations of common thermal reactor types that can produce weapons-grade plutonium were performed, and the results are presented here. These simulations were needed to verify whether the plutonium produced in the natural $UO_2$ fuel samples during the experimental irradiation at MURR was a suitable representative to plutonium produced in common thermal reactor types. Also presented are comparisons of fission product and plutonium concentrations obtained from computational simulations of the experimental irradiation at MURR to the nondestructive and destructive measurements of the irradiated natural $UO_2$ fuel samples. Gamma spectroscopy measurements of radioactive fission products were mostly within 10%, mass spectroscopy measurements of the total plutonium mass were within 4%, and mass spectroscopy measurements of stable fission products were mostly within 5%.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.9-17
• /
• 2018

Smartphone have become commonplace because they have the advantage of facilitating communication with others and making life easier. The smartphone's system log stores various data related to the user actions. Since 2015, Huawei has been growing rapidly, with its sales volume increasing and it was ranked second in the world in three years. The use of Huawei smartphones by many users means that Huawei smartphones are likely to be used to detect traces of criminal investigations, so we need to study system logs of Huawei smartphones. Therefore, in this paper, we analyze system log which is forensically meaningful for Huawei smartphone. We also propose how to use logs in forensic investigation.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.27-38
• /
• 2018

Recently, as the amount of digital data rapidly increases, a large storage space is required. RAID is a system that can manage large capacity storage space. Storage space provided by Windows is a type of software RAID. Storage space has been supported since Windows 8, Windows Server 2012, and no analysis has been done on the functionality. To analyze system using storage space, analysis of storage space function and reconstruction method of virtual disk should be studied. In this paper, we briefly describe the layout of existing RAID, explain the layout and metadata of storage space of software RAID, present reconstruction method of virtual disk by disk layout, and verify the result through experiments.