• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.43-51
• /
• 2010

It is meaningful to investigate data in unallocated space because we can investigate the deleted data. Consecutively complete file recovery using the File Carving is possible in unallocated area, but noncontiguous or incomplete data recovery is impossible. Typically, the analysis of the data fragments are needed because they should contain large amounts of information. Microsoft Word, Excel, PowerPoint and PDF document file's text are stored using compression or specific document format. If the part of aforementioned document file was stored in unallocated data fragment, text extraction is possible using specific document format. In this paper, we suggest the method of extracting a particular document file text in unallocated data fragment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.12
• /
• pp.1662-1669
• /
• 2020

Google cloud includes data uploaded and synchronized by users, as well as synchronization history of all cloud services, users' smartphone usage, and location information. Therefore, Google cloud data can be useful for digital forensics from a user behavior analysis perspective. Through this paper, we have identified the types of cloud data that can be acquired using Google's Takeout service and developed a tool that can be usefully utilized in digital forensics research and investigation by screening and analyzing the data required for analyzing user behavior. Because Google cloud data is synchronized through Google accounts regardless of the type of computing device, Google service data used on various devices such as PCs, smartphones, and tablet PCs can be acquired through Google accounts without the device. Therefore, the results of this paper's research are expected to be very useful for digital forensics research and investigation in the current situation.

• Journal of National Security and Military Science
• /
• s.1
• /
• pp.391-421
• /
• 2003

While the social activities using Internet become generalized, the side effect of the information security violation is increasing steadily and threaten the countries which is not ready to prevent from offensive penetration such as the Information-fighter or Cyber-military. In this paper, we define the concept and characteristics of the modern Information-Warfare and analyze various kinds of threatened elements and also examine the recent trend in other countries. And introducing Computer Forensics raised recently for the confrontation against the security violation in the future, we will show the developing strategies and the necessity in order to response cyber attacks. These developing strategies can be used to ensure and re-trace the technical evidence for the security violation and to achieve the disaster relief effectively. So we hope that can apply them to the actual preparation through developing cyber trial test of the defense and attack for the Information-Warfare.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.99-104
• /
• 2012

The digital forensics are new kinds of security that investigate and verificate fact relation about activities based on digital data. In this paper, we implemented digital forensic tool that can be used in collecting, analyzing, and reporting evidences. This tool support intuitional GUI that everybody can analyze easily. And a simple operation can collect and analyze active data. Also, we can decrease much time and endeavor by using this forensic tool that support reliable data.

• Proceedings of the Safety Management and Science Conference
• /
• 2001.05a
• /
• pp.275-280
• /
• 2001

DESIGNIN AND OPERATION OF DIGITAL EVIDENCE MANAGEMENT SYSTEM APPLYING COMPUTER FORENSICS AND ELECTRONIC CERTIFICATION Digital evidence will be used as a term, which means the electronic form of information which is necessary to confirm or prove the factum of all kinds of behaviors committed through the devices which have data processing ability including computer. It is expected that there will be the increase of legal conflicts surrounding electronic commerce activities as well as the increase of cyber crimes, as the number of Internet users are getting bigger. In order to solve the problems of conflicts derived from electronic commerce, the factum of electronic commerce activities must be confirmed. In order to confirm the factum of electronic commerce activities, the evidence is prerequisite. Almost all evidences relating to the electronic commerce activities exist in digital form. For the reason that the digital evidence can be easily damaged and changed, special management is required to collect, analyze, and preserve the digital evidence. In order to meet this requirement, this study proposes a basic model of digital evidence management system applying computer forensics and electronic authentication.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.129-141
• /
• 2010

In network service environment, cultures from diversified fields are easily accessible thanks to the convenient digital content services. Unfortunately, unauthorized access and indiscreet misuse behaviors have deprived content owners of their copyrights. This study suggests an integrity-ensured model applicable for forensic evidence of digital content infringement in network service environment. The suggested model is based on MPEG-21 core components for digital content protection and the system is designed in connection with the components of digital content forensics. Also, the present study suggests an efficient technology to protect and manage computer forensic evidence and digital content by authorizing digital content use and catching infringing logs of authorized users without lag in network environment for the benefit of network security and reliability.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.11-18
• /
• 2005

With the develoment of IT(Information Technologies) in Internet, Digital crime are increasing explosive every year. Recently, digital crime is taken advantage of technical and expert skill. It is necessary to investigate a digital crime that Digital forensic process standardization, Specialist training & education, R&D, Government support. So in this paper we proposed device of the grow of digital forensic that make analysis of the present state domestic digital forensic technique.

• The Korean Journal of Legal Medicine
• /
• v.39 no.4
• /
• pp.115-119
• /
• 2015

We investigated event-related potentials (ERPs) to estimate the accuracy of eyewitness memories. Participants watched videos of vehicles being driven dangerously, from an anti-impaired driving initiative. The four-letter license plates of the vehicles were the target stimuli. Random numbers were presented while participants attempted to identify the license plate letters, and electroencephalograms were recorded. There was a significant difference in activity 300-500 milliseconds after stimulus onset, between target stimuli and random numbers. This finding contributes to establishing an eyewitness recognition model where different ERP components may reflect more explicit memory that is dissociable from recollection.

• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.3
• /
• pp.8-16
• /
• 2022

In this paper, we propose a method of reconstructing the file system to obtain digital forensics information from the APFS file system when meta information that can know the structure of the file system is deleted due to partial damage to the disk. This method is to reconstruct the tree structure of the file system by only retrieving the B-tree node where file/directory information is stored. This method is not a method of constructing nodes based on structural information such as Container Superblock (NXSB) and Volume Checkpoint Superblock (APSB), and B-tree root and leaf node information. The entire disk cluster is traversed to find scattered B-tree leaf nodes and to gather all the information in the file system to build information. It is a method of reconstructing a tree structure of a file/directory based on refined essential data by removing duplicate data. We demonstrate that the proposed method is valid through the results of applying the proposed method by generating numbers of user files and directories.