• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.1
• /
• pp.98-115
• /
• 2012

New trend called ubiquitous leads the recent business by standardization and integration. It should be the main issue how to guarantee the integration and accountability on each business, especially in mission critical system which is mainly supported by M2M (Machine to Machine) control mechanism. This study is from the analysis of digital forensics case study that is from the M2M Sensing Control Mechanism problem of the "Imjin River" case in 2009, where a group of family is swept away to death by water due to M2M control error. The ubiquitous surroundings bring the changes in the field of criminal investigation to real time controls such as M2M systems. The needs of digital forensics on M2M control are increasing on every crime scene but we suffer from the lack of control metrics to get this done efficiently. The court asks for more accurately analyzed results accounting high quality product development design. Investigators in the crime scene need real-time analysis against the crime caused by poor quality of mission critical systems. It seems to be every need of Real-Time-Enterprise, so called ubiquitous society on the case. We try to find the efficiency and productivity in discovering non-functional design defects in M2M convergence products focusing on three metrics in study model with quick implementation. Digital forensics system in present status depends on know-how of each investigator and is hard to expect professional analysis on every field. This study set up a hypothesis "Co-working of professional investigators on each field will qualify Performance and Integrity" especially in mission critical system such as M2M and suggests "Online co-work analysis model" to efficiently detect and prevent mission critical errors in advance. At the conclusion, this study proved the statistical research that was surveyed by digital forensics specialists around M2M crime scene cases with quick implementation of dash board.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.165-176
• /
• 2011

In this paper, we examine the reliability verification procedure of evidence analysis tools for computer forensics and test the famous tools for their functional requirements using the verification items proposed by standard document, TIAK.KO-12.0112. Also, we carry out performance evaluation based on test results and suggest the way of performance improvement for evidence analysis tools. To achieve this, we first investigate functions that test subjects can perform, and then we set up a specific test plan and create evidence image files which contain the contents of a verification items. We finally verify and analyze the test results. In this process, we can discover some weaknesses of most of analysis tools, such as the restoration for deleted & fragmented files, the identification of the file format which is widely used in the country and the processing of the strings composed of Korean alphabet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.179-192
• /
• 2024

macOS presents challenges for memory data acquisition due to its proprietary system architecture, closed-source kernel, and security features such as System Integrity Protection (SIP), which are exclusive to Apple's product line. Consequently, conventional memory acquisition tools are often ineffective or require system rebooting. This paper analyzes the status and limitations of existing memory forensics research and tools related to macOS. We investigate methods for memory acquisition and analysis across various macOS versions. Our findings include the development of a practical memory acquisition and analysis process for digital forensic investigations utilizing OSXPmem and dd tools for memory acquisition without system rebooting, and Volatility 2, 3 for memory data analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1057-1067
• /
• 2013

The market share of smartphones has been increasing more and more at the recent mobile market and smart devices and applications that are based on a variety of operating systems has been released. Given this reality, the importance of smart devices analysis is coming to the fore and the most important thing is to minimize data corruption when extracting data from the device in order to analyze user behavior. In this paper, we compare and analyze the area-specific changes that are the file system of collected image after obtaining root privileges on the Android OS and iOS based devices, and then propose the most efficient method to obtain root privileges.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.115-127
• /
• 2024

The recent increase in digital audio media has greatly expanded the size and diversity of sound data, which has increased the importance of sound data analysis in the digital forensics process. However, the lack of standardized procedures and guidelines for sound data analysis has caused problems with the consistency and reliability of analysis results. The digital environment includes a wide variety of audio formats and recording conditions, but current audio forensic methodologies do not adequately reflect this diversity. Therefore, this study identifies Life-Cycle-based sound data elemental technologies and provides overall guidelines for sound data analysis so that effective analysis can be performed in all situations. Furthermore, the identified elemental technologies were analyzed for use in the development of digital forensic techniques for sound data. To demonstrate the effectiveness of the life-cycle-based sound data elemental technology identification system presented in this study, a case study on the process of developing an emergency retrieval technology based on sound data is presented. Through this case study, we confirmed that the elemental technologies identified based on the Life-Cycle in the process of developing digital forensic technology for sound data ensure the quality and consistency of data analysis and enable efficient sound data analysis.

• Journal of Internet Computing and Services
• /
• v.23 no.2
• /
• pp.61-70
• /
• 2022

General users who use smartphone apps often use the Vault app to protect personal information such as photos and videos owned by individuals. However, there are increasing cases of criminals using the Vault app function for anti-forensic purposes to hide illegal videos. These apps are one of the apps registered on Google Play. This paper proposes a methodology for extracting feature points through XML-based keyword frequency analysis to explore Vault apps used by criminals, and text mining techniques are applied to extract feature points. In this paper, XML syntax was compared and analyzed using strings.xml files included in the app for 15 hidden Vault anti-forensics apps and non-hidden Vault apps, respectively. In hidden Vault anti-forensics apps, more hidden-related words are found at a higher frequency in the first and second rounds of terminology processing. Unlike most conventional methods of static analysis of APK files from an engineering point of view, this paper is meaningful in that it approached from a humanities and sociological point of view to find a feature of classifying anti-forensics apps. In conclusion, applying text mining techniques through XML parsing can be used as basic data for exploring hidden Vault anti-forensics apps.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.11-18
• /
• 2005

With the develoment of IT(Information Technologies) in Internet, Digital crime are increasing explosive every year. Recently, digital crime is taken advantage of technical and expert skill. It is necessary to investigate a digital crime that Digital forensic process standardization, Specialist training & education, R&D, Government support. So in this paper we proposed device of the grow of digital forensic that make analysis of the present state domestic digital forensic technique.

• Journal of Internet Computing and Services
• /
• v.25 no.3
• /
• pp.1-8
• /
• 2024

As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.680-693
• /
• 2018

Nowadays, third-party applications form an important part of the mobile environment, and social networking applications in particular can leave a variety of user footprints compared to other applications. Digital forensics of mobile third-party applications can provide important evidence to forensics investigators. However, most mobile operating systems are now updated on a frequent basis, and developers are constantly releasing new versions of them. For these reasons, forensic investigators experience difficulties in finding the locations and meanings of data during digital investigations. Therefore, this paper presents scenario-based methods of forensic analysis for a specific third-party social networking service application on a specific mobile device. When applied to certain third-party applications, digital forensics can provide forensic investigators with useful data for the investigation process. The main purpose of the forensic analysis proposed in the present paper is to determine whether the general use of third-party applications leaves data in the mobile internal storage of mobile devices and whether such data are meaningful for forensic purposes.