• Title/Summary/Keyword: Forensics


A Targeted Counter-Forensics Method for SIFT-Based Copy-Move Forgery Detection (SIFT 기반 카피-무브 위조 검출에 대한 타켓 카운터-포렌식 기법)

  • Doyoddorj, Munkhbaatar;Rhee, Kyung-Hyune
    • KIPS Transactions on Computer and Communication Systems / v.3 no.5 / pp.163-172 / 2014
  • The Scale Invariant Feature Transform (SIFT) has been widely used in many applications for image feature matching. Such a transform provides strong matching ability and stability in rotation and scaling across a variety of different scales. Recently, it has become one of the most successful algorithms in the research area of copy-move forgery detection. Though this transform is capable of identifying copy-move forgery, it does not widely address the possibility that counter-forensics operations may be designed and used to hide the evidence of image tampering. In this paper, we propose a targeted counter-forensics method for impeding SIFT-based copy-move forgery detection by applying a semantically admissible distortion in the processing tool. The proposed method allows the attacker to delude a similarity matching process and conceal the traces left by a modification of SIFT keypoints, while maintaining a high fidelity between the processed images and original ones under the semantic constraints. The efficiency of the proposed method is supported by several experiments on the test images with various parameter settings.

Analyzing Past User History through Recovering Deleted $UsnJrnl file (삭제된 $UsnJrnl 파일 복구를 통한 과거 사용자 행위 확인)

  • Kim, Dong-Geon;Park, Seok-Hyeon;Jo, Ohyun
    • Journal of Convergence for Information Technology / v.10 no.5 / pp.23-29 / 2020
  • These days, digital forensic technologies are being used frequently at crime scenes. There are various electronic devices at the scene of the crime, and digital forensic results of these devices are used as important evidence. In particular, the user's action and the time when the action took place are critical. But there are many limitations for use in real forensics analyses because of the short cycle in which user actions are recorded. This paper proposes an efficient method for recovering deleted user behavior records and applying them to forensic investigations, and the proposed method is compared with previous methods. Although there are differences in recovery results depending on the storage, the results show that the amount of user history data is increased from a minimum of 6% to a maximum of 539% when recovered user behavior is used in forensic investigation.

A Modeling of Forensics for Mobile IP Spoofing Prevention (모바일 IP 스푸핑 방지를 위한 포렌식 설계)

  • Park, Sun-Hee;Yang, Dong-Il;Jin, Kwang-Youn;Choi, Hyung-Jin
    • Journal of Advanced Navigation Technology / v.16 no.2 / pp.307-317 / 2012
  • Rapid development of IT and mobile communications has increasingly improved many kinds of digital devices, as well as mobile technology. However, attacks (viruses, hacking, IP spoofing, etc.) have also grown increasingly dogged in every area, including societal security. As visual data is prone to being copied, deleted, moved, etc., attesting to the integrity of forensic evidence is crucial, as is data transmission security. This paper presents a framework model using a digital forensics method and the results of its performance evaluation for mobile security. The results show that the integrity of the visual data can be obtained with high security, and we propose a way to prevent Mobile IP spoofing attacks using our hashing data.

A Study the Mobile Forensics Model for Improving Integrity (무결성 향상을 위한 모바일 포렌식 모델 연구)

  • Kim, Young-june;Kim, Wan-ju;Lim, Jae-sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.417-428 / 2020
  • With the rapid development of information and communication technology, mobile devices have become an essential tool in our lives. Mobile devices are used as important evidence in criminal proof, as they accumulate data simultaneously with PIM functions while working with users most of the time. Mobile forensics is a procedure for obtaining digital evidence from mobile devices, and the evidence should be collected and analyzed in accordance with due process, just like other evidence; the integrity of the evidence is essential because it has aspects that are easy to manipulate and delete. Also, the adoption of evidence relies on the judges' liberalism, which necessitates the presentation of generalized procedures. In this paper, a mobile forensics model is presented to ensure integrity through the generalization of procedures. It is expected that the proposed mobile forensics model will contribute to the formation of judges by ensuring the reliability and authenticity of evidence.

Study on Improved Decryption Method of WeChat Messenger and Deleted Message Recovery Using SQLite Full Text Search Data (WeChat 메신저의 향상된 복호화 방안과 SQLite Full Text Search 데이터를 이용한 삭제된 메시지 복구에 관한 연구)

  • Hur, Uk;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.405-415 / 2020
  • With the increase in smartphone users, mobile forensics has become an essential element in modern digital forensic investigation. Mobile messenger data is very important in mobile forensics because it can yield information such as the user's life pattern and mental state. In order to analyze messenger data, a technique for decrypting encrypted messenger data is required. Since most messengers provide a message deleting function, a technique for recovering deleted messages is also required. WeChat Messenger, a messenger used by about 1 billion people around the world, uses IMEI (International Mobile Equipment Identity) information to encrypt data and provides a message deletion function. In this paper, we propose a data decryption method in the absence of IMEI information and propose a method for recovering deleted messages using the FTS (Full Text Search) database created for the full-text search function of the SQLite database.

Analysis of a Third-Party Application for Mobile Forensic Investigation

  • Ryu, Jung Hyun;Kim, Nam Yong;Kwon, Byoung Wook;Suk, Sang Ki;Park, Jin Ho;Park, Jong Hyuk
    • Journal of Information Processing Systems / v.14 no.3 / pp.680-693 / 2018
  • Nowadays, third-party applications form an important part of the mobile environment, and social networking applications in particular can leave a variety of user footprints compared to other applications. Digital forensics of mobile third-party applications can provide important evidence to forensics investigators. However, most mobile operating systems are now updated on a frequent basis, and developers are constantly releasing new versions of them. For these reasons, forensic investigators experience difficulties in finding the locations and meanings of data during digital investigations. Therefore, this paper presents scenario-based methods of forensic analysis for a specific third-party social networking service application on a specific mobile device. When applied to certain third-party applications, digital forensics can provide forensic investigators with useful data for the investigation process. The main purpose of the forensic analysis proposed in the present paper is to determine whether the general use of third-party applications leaves data in the mobile internal storage of mobile devices and whether such data are meaningful for forensic purposes.

Control Variables of Remote Joint Analysis Realization on the M2M Case

  • Lim, Sung-Ryel;Choi, Bo-Yun;Lee, Hong-Chul
    • KSII Transactions on Internet and Information Systems (TIIS) / v.6 no.1 / pp.98-115 / 2012
  • A new trend called ubiquitous leads recent business through standardization and integration. The main issue should be how to guarantee integration and accountability in each business, especially in mission critical systems that are mainly supported by an M2M (Machine to Machine) control mechanism. This study is based on the analysis of a digital forensics case study of the M2M Sensing Control Mechanism problem in the "Imjin River" case in 2009, where a group of family was swept away to death by water due to an M2M control error. The ubiquitous surroundings bring changes in the field of criminal investigation toward real-time controls such as M2M systems. The need for digital forensics on M2M control is increasing at every crime scene, but we suffer from the lack of control metrics to get this done efficiently. The court asks for more accurately analyzed results accounting high quality product development design. Investigators at the crime scene need real-time analysis against crime caused by the poor quality of mission critical systems. It seems to be every need of Real-Time-Enterprise, so called ubiquitous society on the case. We try to find efficiency and productivity in discovering non-functional design defects in M2M convergence products, focusing on three metrics in a study model with quick implementation. The digital forensics system in its present status depends on the know-how of each investigator, and it is hard to expect professional analysis in every field. This study sets up a hypothesis, "Co-working of professional investigators on each field will qualify Performance and Integrity", especially in mission critical systems such as M2M, and suggests an "Online co-work analysis model" to efficiently detect and prevent mission critical errors in advance. At the conclusion, this study proved the statistical research that was surveyed by digital forensics specialists around M2M crime scene cases with quick implementation of a dashboard.

Blocking and investigation of child pornography using child pornography profiling system of National Police Agency (경찰청 아동음란물프로파일링 시스템을 이용한 아동음란물 차단 및 수사 방안)

  • Lee, Sang Duk
    • Journal of Digital Forensics / v.12 no.3 / pp.97-108 / 2018
  • Computer technology and Internet advances enable easy massive file transfer by messenger, email, and web hard service users. This means that a child pornography file owner who is illegally possessing it can quickly transfer it to other users. However, there are currently no specific ways to prevent or block the distribution of child pornography between messenger, email, and web hard service users. In this paper, we propose a method to prevent the distribution of child pornography using the MD5 and SHA-1 hash values stored in the 'police Child pornography Profiling system' and to identify child pornography suspects using the subscriber information. The user extracts the hash value of the file before distributing the file and compares it with the police system; if it has the same value, the transmission of the file is blocked and a warning is sent to the owner. The service provider sends the subscriber information to the investigation agency so that a quick and accurate investigation of child pornography owners can be conducted.

Reliability Verification of Evidence Analysis Tools for Digital Forensics (디지털 포렌식을 위한 증거 분석 도구의 신뢰성 검증)

  • Lee, Tae-Rim;Shin, Sang-Uk
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.165-176 / 2011
  • In this paper, we examine the reliability verification procedure of evidence analysis tools for computer forensics and test well-known tools against their functional requirements using the verification items proposed by the standard document TIAK.KO-12.0112. Also, we carry out a performance evaluation based on the test results and suggest ways of improving the performance of evidence analysis tools. To achieve this, we first investigate the functions that the test subjects can perform, and then we set up a specific test plan and create evidence image files which contain the contents of the verification items. We finally verify and analyze the test results. In this process, we discover some weaknesses in most of the analysis tools, such as the restoration of deleted and fragmented files, the identification of the file format which is widely used in the country, and the processing of strings composed of the Korean alphabet.

The Trends and Prospects of Mobile Forensics Using Linear Regression

  • Choi, Sang-Yong
    • Journal of the Korea Society of Computer and Information / v.27 no.10 / pp.115-121 / 2022
  • In this paper, we analyze trends in the use of mobile forensic technology, focusing on cases where mobile forensics are used, and we predict the development of future mobile forensics technology using linear regression used in future prediction models. For the current status and outlook analysis, we extracted a total of 8 variables by analyzing 1,397 domestic and foreign mobile forensics-related cases and newspaper articles. We analyzed the prospects for each variable using the year of occurrence as an independent variable and seven variables, namely text (text message usage information), communication information (cell phone communication information), Internet usage information, messenger usage information, stored files, GPS, and others, as dependent variables. As a result of the analysis, among various aspects of the use of mobile devices, the use of Internet usage information, messenger usage information, and data stored in mobile devices is expected to increase. Therefore, it is expected that continuous research on technologies that can effectively extract and analyze characteristic information of mobile devices such as file systems, the Internet, and messengers will be needed as mobile devices increase in performance and utilization in the future and security technology.