• Title/Summary/Keyword: Forensics Analysis

A Database Forensics Model based on Classification by Analysis Purposes (분석 목적별 분류기반의 데이터베이스 포렌식 모델)

  • Kim, Sung-Hye;Kim, Jang-Won;Cho, Eun-Ae;Baik, Doo-Kwon
    • Journal of KIISE:Databases / v.36 no.2 / pp.63-72 / 2009
  • Digital forensics refers to finding electronic evidence related to crimes. As cyber crimes are increasing daily, digital forensics for finding electronic evidence is also becoming important. At present, various aspects of digital forensics have been researched, including the overall process model and analysis techniques such as network forensics, system forensics and database forensics. Regarding database forensics, only analysis techniques dependent on specific vendors have been suggested, and general process models and analysis techniques which can be used in various databases have not been studied. This paper proposes an integrated process model and analysis technique for database forensics. The proposed database forensics model (DFM) allows us to solve problems and analyze databases according to the situation and purpose, and to use a standard model and techniques for various database analyses. In order to test our model (DFM), we applied it to various database analyses, and the results of our experiment confirmed that it is applicable to acquisition at the scene as well as analysis of data relationships.

- Technology and Tasks of Computer Forensics for Suppressing Computer Crime - (범죄 억제를 위한 컴퓨터 포렌식의 기술과 과제)

  • Lee Sang Rak;Shin Seung Ho;Park Sang Min
    • Journal of the Korea Safety Management & Science / v.6 no.3 / pp.327-337 / 2004
  • The soaring increase in the number of Internet users, combined with the constant computerization of business processes, has created new opportunities for computer criminals and terrorists. Fortunately, the computer security field is also progressing at a brisk rate. In particular, the field of computer forensics brings new ways of preserving and analyzing evidence related to computer crime. Computer forensics is a newly emerging profession of the 21st century. It is the collection, preservation, analysis, and presentation of computer-related evidence. For this reason, the various technologies of computer forensics are regarded as a powerful tool for suppressing computer crime. Our aim is to introduce an overview of computer forensics technology. We also present the survey results on the state of the art of computer forensics domestically and in foreign countries.

Construction Cost Forensics: How Best To Protect Your Company And Avoid Costly Problems

  • Opfer, Neil
    • International conference on construction engineering and project management / 2022.06a / pp.1240-1240 / 2022
  • Construction projects are fraught with risks from cost or other overruns to accidents along with other issues. This is true whether the relevant organization is an owner, general contractor, CM, specialty-trade contractor, or other entity. When cost issues or other issues arise, how should an organization proceed, whether attempting to gain additional compensation in terms of cost/other damages or protecting itself against such claims if they do not appear to be warranted? Enter construction cost forensics. This presentation will focus on strategies/techniques with construction cost forensics in these areas in order to be successful. Covered techniques include those to develop and analyze claims including fundamental construction cost analysis techniques. When an unexpected event disrupts a construction project, using sound analytical methods to identify the cause and quantify the extent of the issue will be important for negotiating a fair result or for obtaining a successful outcome in arbitration or litigation. Key examples of uncovering issues via construction cost forensics will be covered in this presentation.

Development of a Forensic Analyzing Tool based on Cluster Information of HFS+ filesystem

  • Cho, Gyu-Sang
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.178-192 / 2021
  • File system forensics typically focuses on the contents or timestamps of a file, and it is common to work in a file/directory-centered way. But to recover a deleted file on the disk or use a carving technique to find and connect partial missing content, the evidence must be analyzed using cluster-centered analysis. Forensics tools such as EnCase, TSK, and X-ways provide a basic ability to get information about disk clusters, but these are not the core functions of the tools. Alternatively, Sysinternals' DiskView tool provides a more intuitive visualization function, which makes it easier to obtain information around disk clusters. In addition, most current tools are for Windows. There are very few forensic analysis tools for MacOS, and furthermore, cluster analysis tools are very rare. In this paper, we developed a tool named FACT (Forensic Analyzer based Cluster Information Tool) for analyzing the state of clusters in an HFS+ file system, for digital forensics. FACT consists of three features: cluster-based analysis, B-tree-based analysis, and directory-based analysis. The cluster-based analysis is the main feature, and was basically developed for cluster analysis. The FACT tool's cluster visualization feature plays a central role. The FACT tool was programmed in two programming languages, C/C++ and Python. The core part for analyzing the HFS+ filesystem was programmed in C/C++ and the visualization part is implemented using the Python Tkinter library. The features in this study will evolve into key forensics tools for use in MacOS, and by providing additional GUI capabilities can be very important for cluster-centric forensics analysis.

Study on Smart TV Forensics (스마트 TV 포렌식에 관한 연구)

  • Kang, Hee-Soo;Park, Min-Su;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.851-860 / 2014
  • With an increasing demand for powerful electronic goods, smart TVs, which combine a network module with digital TV, are becoming more popular. These changes are meaningful from a digital forensics perspective because smart TVs store more user data than digital TVs. In this paper, we suggest smart TV forensics as a branch of digital forensics. With smart TV forensics, investigators can trace the activities of a wider range of age groups than with existing digital forensics analysis.

Cyberbullying Detection in Twitter Using Sentiment Analysis

  • Theng, Chong Poh;Othman, Nur Fadzilah;Abdullah, Raihana Syahirah;Anawar, Syarulnaziah;Ayop, Zakiah;Ramli, Sofia Najwa
    • International Journal of Computer Science & Network Security / v.21 no.11 / pp.1-10 / 2021
  • Cyberbullying has become a severe issue and has had a powerful impact on the cyber world. Due to the low cost and fast spreading of news, social media has become a tool that helps spread insulting, offensive, and hateful messages or opinions in a community. Detecting cyberbullying from social media is an intriguing research topic because it is vital for law enforcement agencies to witness how social media broadcast hate messages. Twitter is one of the famous social media and a platform for users to tell stories, give views, express feelings, and even spread news, whether true or false. Hence, it becomes an excellent resource for sentiment analysis. This paper aims to detect cyberbully threats based on Naïve Bayes, support vector machine (SVM), and k-nearest neighbour (k-NN) classifier models. Sentiment analysis will be applied based on people's opinions on social media, assigning each a polarity of positive, neutral, or negative. The accuracy for each classifier will be evaluated.

The Windows Physical Memory Dump Explorer for Live Forensics (라이브 포렌식을 위한 윈도우즈 물리 메모리 분석 도구)

  • Han, Ji-Sung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.71-82 / 2011
  • Live data in physical memory can be acquired by live forensics but not by hard disk file-system analysis. Therefore, live forensics is widely used in forensic investigations these days. However, existing live forensic methods that use command-line tools on a live system have many weaknesses; for instance, it is not easy to re-analyze, and results can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement the weaknesses of traditional live forensics. We then design and implement the Physical Memory Dump Explorer, and prove the effectiveness of our tool through test results.

Development of Competency Model for Police' Digital Forensic Examiner (경찰 디지털증거분석관 역량모델 개발)

  • Oh SoJung;Jeong JunSeon;Cho EunByul;Kim GiBum
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.647-659 / 2023
  • As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiners, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, the groups were defined as Digital Forensics Theory, Digital Evidence Collection & Management, Disk Forensics, Mobile Forensics, Video Forensics, Infringement Forensics, DB Forensics, Embedded (IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.

Trends and Development of Computer Forensics in Korea (국내 Computer Forensics의 연구동향과 발전방향)

  • 김종섭;김귀남
    • Convergence Security Journal / v.3 no.1 / pp.7-22 / 2003
  • Legal disputes over electronic commerce and computer crimes are increasing because electronic services like e-government and e-commerce are now widely used. Computer forensics has become the method for recovery, preservation, analysis and reporting of digital evidence essential to resolving legal disputes and computer crimes. In this paper, the developmental process of computer forensics is discussed. It is intended to elicit constructive discussion regarding domestic computer forensics. This discussion will help to establish secure e-business and e-government services in the fields of research, the legal system and the technical skills of domestic computer forensics.

A Study of Web Forensics Algorithm that used Log History Analysis (로그 히스토리 분석을 사용한 웹 포렌식 알고리즘 연구)

  • Jeung, Jeung-Ki;Park, Dea-Woo
    • KSCI Review / v.14 no.2 / pp.245-254 / 2006
  • A Web forensics algorithm that extracts technical Web forensics data from a large volume of log history data, so that it can be adopted as proof regarding computer cyber crime, is an essential element. This paper proposes and designs a Web forensics algorithm and implements it in the Web server system of an actual company. It also carries out a Web dispatch logging system configuration experiment that applies integrity to Web log history information and authentication of the information source. The Web forensics algorithm and the flow used for Web log history analysis are designed for the company's e-mail, webmail, HTTP (Web BBS, blog, etc.), FTP, Telnet and messenger (MSN, NateOn, Yahoo, DaumTouch, BuddyBuddy, MsLee, AOL, SoftMe) servers, and implemented through coding. The purpose of this paper is therefore to contribute to scientific and technical development regarding computer cyber crime through Web forensics.
