• Title/Summary/Keyword: Forensics


Standard Model for Mobile Forensic Image Development

  • Sojung, Oh;Eunjin, Kim;Eunji, Lee;Yeongseong, Kim;Gibum, Kim
    • KSII Transactions on Internet and Information Systems (TIIS), v.17 no.2, pp.626-643, 2023
  • As mobile forensics has emerged as an essential technique, the demand for technology development, education and training is increasing, wherein images are used. Academic societies in South Korea and national institutions in the US and the UK are leading the Mobile Forensic Image development. However, compared with disks, images developed in a mobile environment are few and research on them is less active, causing a waste of time, money, and manpower. Mobile Forensic Images are also difficult to trust owing to insufficient verification processes. Additionally, in South Korea, there are legal issues involving the Telecommunications Business Act and the Act on the Protection and Use of Location Information. Therefore, in this study, we requested a review of a standard model for the development of Mobile Forensic Image from experts and designed an 11-step development model. The steps of the model are as follows: a. setting of design directions, b. scenario design, c. selection of analysis techniques, d. review of legal issues, e. creation of virtual information, f. configuring system settings, g. performing imaging as per scenarios, h. developing a checklist, i. internal verification, j. external verification, and k. confirmation of validity. Finally, we identified the differences between the mobile and disk environments and discussed the institutional efforts of South Korea. This study will also provide a guideline for the development of professional quality verification and proficiency tests as well as technology and talent-nurturing tools. We propose a method that can be used as a guide to secure pan-national trust in forensic examiners and tools. We expect this study to strengthen the mobile forensics capabilities of forensic examiners and researchers. This research will be used for the verification and evaluation of individuals and institutions, eventually contributing to national security.

Network Forensics and Intrusion Detection in MQTT-Based Smart Homes

  • Lama AlNabulsi;Sireen AlGhamdi;Ghala AlMuhawis;Ghada AlSaif;Fouz AlKhaldi;Maryam AlDossary;Hussian AlAttas;Abdullah AlMuhaideb
    • International Journal of Computer Science & Network Security, v.23 no.4, pp.95-102, 2023
  • The emergence of the Internet of Things (IoT) into our daily lives has grown rapidly. It has been integrated into our homes, cars, and cities, increasing the intelligence of devices involved in communications. An enormous amount of data is exchanged over smart devices through the internet, which raises security concerns with regard to privacy evasion. This paper is focused on the forensics and intrusion detection on one of the most common protocols in IoT environments, especially smart home environments, which is the Message Queuing Telemetry Transport (MQTT) protocol. The paper covers general IoT infrastructure, MQTT protocol and attacks conducted on it, and multiple network forensics frameworks in smart homes. Furthermore, a machine learning model is developed and tested to detect several types of attacks in an IoT network. A forensics tool (MQTTracker) is proposed to contribute to the investigation of MQTT protocol in order to provide a safer technological future in the warmth of people's homes. The MQTT-IOT-IDS2020 dataset is used to train the machine learning model. In addition, different attack detection algorithms are compared to ensure the suitable algorithm is chosen to perform accurate classification of attacks within MQTT traffic.

Metaverse Artifact Analysis through the Roblox Platform Forensics (메타버스 플랫폼 Roblox 포렌식을 통한 아티팩트 분석)

  • Yiseul Choi;Jeongeun Cho;Eunbeen Lee;Hakkyong Kim;Seongmin Kim
    • Convergence Security Journal, v.23 no.3, pp.37-47, 2023
  • The growth of the metaverse has been accelerated by the increased demand for non-face-to-face interactions due to COVID-19 and advancements in technologies such as blockchain and NFTs. However, with the emergence of various metaverse platforms and the corresponding rise in users, criminal cases such as ransomware attacks, copyright infringements, and sexual offenses have occurred within the metaverse. Consequently, the need for artifacts that can be utilized as digital evidence within metaverse systems has increased. However, there is a lack of information about artifacts that can be used as digital evidence. Furthermore, metaverse security evaluation and forensic analysis are also insufficient, and the absence of attack scenarios and related guidelines makes forensics challenging. To address these issues, this paper presents artifacts that can be used for user behavior analysis and timeline analysis through dynamic analysis of Roblox, a representative metaverse gaming solution. Based on analyzing the interrelationship between identified artifacts through memory forensics and log file analysis, this paper suggests the potential usability of artifacts in metaverse crime scenarios. Moreover, it proposes improvements by analyzing the current legal and regulatory aspects to address institutional deficiencies.

Digital Forensic Investigation of MongoDB (MongoDB에 대한 디지털 포렌식 조사 기법 연구)

  • Yoon, Jong-Seong;Jung, Doo-Won;Kang, Chul-Hoon;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.24 no.1, pp.123-134, 2014
  • As data has grown bigger recently, the demand for relational database management systems (RDBMS) and NoSQL DBMS to process big data has increased consistently. The digital forensic investigation method for RDBMS has been studied actively, but that for NoSQL DBMS, which is popularly used nowadays, has almost no research. This paper proposes the digital forensic investigation process and method for MongoDB, the most popularly used among NoSQL DBMS.

Recent Developments in Nuclear Forensic and Nuclear Safeguards Analysis Using Mass Spectrometry

  • Song, Kyuseok;Park, Jong-Ho;Lee, Chi-Gyu;Han, Sun-Ho
    • Mass Spectrometry Letters, v.7 no.2, pp.31-40, 2016
  • The analysis of nuclear materials and environmental samples is an important issue in nuclear safeguards and nuclear forensics. An analysis technique for safeguard samples has been developed for the detection of undeclared nuclear activities and verification of declared nuclear activities, while nuclear forensics has been developed to trace the origins and intended use of illicitly trafficked nuclear or radioactive materials. In these two analytical techniques, mass spectrometry has played an important role in determining the isotope ratio of various nuclides, contents of trace elements, and production dates. These two techniques typically use similar analytical instruments, but the analytical procedure and the interpretation of analytical results differ depending on the analytical purpose. The isotopic ratio of the samples is considered the most important result in an environmental sample analysis, while age dating and impurity analysis may also be important for nuclear forensics. In this review, important aspects of these techniques are compared and the role of mass spectrometry, along with recent progress in related technologies, are discussed.

A Mechanism for Securing Digital Evidences of Computer Forensics in Smart Home Environment (스마트홈 환경에서 컴퓨터 포렌식스의 디지털 증거 무결성 보증 메커니즘)

  • Lee, Jong-Sup;Park, Myung-Chan;Jang, Eun-Gyeom;Choi, Yong-Rak;Lee, Bum-Suk
    • The Journal of Information Technology, v.10 no.3, pp.93-120, 2007
  • A Smart Home is technically expanded from the home network and gives us a comfortable life. But there are still problems, such as malfunction of devices and intrusions by malicious parties, since it is based on the home network. The intrusion by malicious parties causes a critical problem to the individual's privacy. Therefore, to take legal action against the intruders, intrusion evidence collecting and managing technologies are widely researched in the world. The evidence collecting technology uses the system which was damaged by intruders, and that system is used as evidence material in the court of justice. However, the collected evidence is easily modified and damaged in the evidence gathering process, the evidence analysis process and in the court. That's why we have to prove the evidence's integrity for it to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authentication of the damaged system, evidence collecting system, evidence managing system and the court (TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponding legal effect.


Analysis of Windows Vista Security System for Forensic Examination (포렌식 조사를 위한 윈도우 비스타 보안 체계 분석)

  • Hwang, Seong-Ho;Nam, Hyun-Woo;Park, Neung-Soo;Jo, Su-Hyung;Hong, Do-Won
    • The KIPS Transactions:PartC, v.15C no.3, pp.141-148, 2008
  • Windows Vista published by Microsoft provides more powerful security mechanisms than previous Windows operating systems. In the forensics point of view, new security mechanisms make it more difficult to get data related to the criminals in a storage device. In this paper, we analyze BitLocker introduced as a new security mechanism in Windows Vista. Also, compared to the previous Windows operating systems, the changes and security issues of UAC and EFS in Windows Vista are discussed in the forensics point of view. Furthermore, we discuss other characteristics of Windows Vista useful for forensic examinations.

SPaRe: Efficient SQLite Recovery Using Database Schema Patterns

  • Lee, Suchul;Lee, Sungil;Lee, Jun-Rak
    • KSII Transactions on Internet and Information Systems (TIIS), v.11 no.3, pp.1557-1569, 2017
  • In recent times, the Internet of Things (IoT) has rapidly emerged as one of the most influential information and communication technologies (ICT). The various constituents of the IoT together offer novel technological opportunities by facilitating the so-called "hyper-connected world." The fundamental tasks that need to be performed to provide such a function involve the transceiving, storing, and analyzing of digital data. However, it is challenging to handle voluminous data with IoT devices because such devices generally lack sufficient computational capability. In this study, we examine the IoT from the perspective of security and digital forensics. SQLite is a light-weight database management system (DBMS) used in many IoT applications that stores private information. This information can be used in digital forensics as evidence. However, it is difficult to obtain critical evidence from IoT devices because the digital data stored in these devices is frequently deleted or updated. To address this issue, we propose Schema Pattern-based Recovery (SPaRe), an SQLite recovery scheme that leverages the pattern of a database schema. In particular, SPaRe exhaustively explores an SQLite database file and identifies all schematic patterns of a database record. We implemented SPaRe on an iPhone 6 running iOS 7 in order to test its performance. The results confirmed that SPaRe recovers an SQLite record at a high recovery rate.

A Method of License Plate Location and Character Recognition based on CNN

  • Fang, Wei;Yi, Weinan;Pang, Lin;Hou, Shuonan
    • KSII Transactions on Internet and Information Systems (TIIS), v.14 no.8, pp.3488-3500, 2020
  • At the present time, the economy continues to flourish, and private cars have become the means of choice for most people. Therefore, the license plate recognition technology has become an indispensable part of intelligent transportation, with research and application value. In recent years, the convolution neural network for image classification is an application of deep learning on image processing. This paper proposes a strategy to improve the YOLO model by studying the deep learning convolutional neural network (CNN) and related target detection methods, and combines the OpenCV and TensorFlow frameworks to achieve efficient recognition of license plate characters. The experimental results show that target detection method based on YOLO is beneficial to shorten the training process and achieve a good level of accuracy.

Development of a Copyright Protection System for Computer Forensics (컴퓨터 포렌식을 위한 디지털 저작권 보호시스템 개발)

  • Lee, Wol-Young;Hwang, Chul
    • Journal of Korea Multimedia Society, v.10 no.3, pp.365-372, 2007
  • The information of the world is most likely to be created as digital data. These digital productions need some legal protection mechanisms or techniques because users can illegally use them. Thus many researchers are developing various techniques. Currently most techniques are focusing on the physical and chemical methods like disk inspection for taking legal evidence about production infringement. This paper has developed a computer forensics-based copyright protection system capable of detecting and notifying disobedience facts when a user illegally uses a production. Furthermore, if the user continually infringes the production, the system stores the infringement facts to take the legal evidence by mapping to law for intellectual property right. The technique can protect data from digital evidence manipulation or destruction.
