• Title/Summary/Keyword: Memory Forensic


Increased Ventrolateral Prefrontal Cortex Activation during Accurate Eyewitness Memory Retrieval: An Exploratory Functional Near-Infrared Spectroscopy Study (목격 여부에 따른 배가쪽 이마앞 영역의 활성화 차이: Functional Near-Infrared Spectroscopy Study 연구)

  • Ham, Keunsoo;Kim, Ki Pyoung;Jeong, Hojin;Yoo, Seong Ho
    • The Korean Journal of Legal Medicine / v.42 no.4 / pp.146-152 / 2018
  • We investigated the neural correlates of accurate eyewitness memory retrieval using functional near-infrared spectroscopy. We analyzed oxygenated hemoglobin ($HbO_2$) concentration in the prefrontal cortex during an eyewitness memory retrieval task and examined regional $HbO_2$ differences between observed objects (target) and unobserved objects (lure). We found that target objects elicited increased activation in the bilateral ventrolateral prefrontal cortex, which is known for monitoring retrieval processing via bottom-up attentional processing. Our results suggest bottom-up attentional mechanisms could be different during accurate eyewitness memory retrieval. These findings indicate that investigating retrieval mechanisms using functional near-infrared spectroscopy might be useful for establishing an accurate eyewitness recognition model.

The Windows Physical Memory Dump Explorer for Live Forensics (라이브 포렌식을 위한 윈도우즈 물리 메모리 분석 도구)

  • Han, Ji-Sung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.71-82 / 2011
  • Live data in physical memory can be acquired by live forensics but not by hard disk file-system analysis. Therefore, live forensics is widely used in forensic investigations these days. However, existing live forensic methods, which use command-line tools on the live system, have many weaknesses; for instance, it is not easy to re-analyze, and results can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement the weaknesses of traditional live forensics. We then design and implement the Physical Memory Dump Explorer and prove the effectiveness of our tool through test results.

Estimation of Eyewitness Identification Accuracy by Event-Related Potentials (차량 번호판 목격자의 기억 평가를 위한 사건 관련 전위 연구)

  • Ham, Keunsoo;Pyo, Chuyeon;Jang, Taeik;Yoo, Seong Ho
    • The Korean Journal of Legal Medicine / v.39 no.4 / pp.115-119 / 2015
  • We investigated event-related potentials (ERPs) to estimate the accuracy of eyewitness memories. Participants watched videos of vehicles being driven dangerously, from an anti-impaired driving initiative. The four-letter license plates of the vehicles were the target stimuli. Random numbers were presented while participants attempted to identify the license plate letters, and electroencephalograms were recorded. There was a significant difference in activity 300-500 milliseconds after stimulus onset, between target stimuli and random numbers. This finding contributes to establishing an eyewitness recognition model where different ERP components may reflect more explicit memory that is dissociable from recollection.

The Development of Anti-Forensic Tools for Android Smartphones (안드로이드 스마트폰을 위한 앤티-포렌식 도구 개발)

  • Moon, Phil-Joo
    • The Journal of the Korea institute of electronic communication sciences / v.10 no.1 / pp.95-102 / 2015
  • Smartphones are very useful in the real world, but they have been exposed to a lot of crime. There are also attempts to delete data in smartphone memory using anti-forensic tools. In this paper, we implement an anti-forensic tool for use on Android. In addition, we run tests to validate the availability of the anti-forensic tool using the Oxygen Forensic Suite, which is a commercial forensic tool.

A Study of Memory Information Collection and Analysis in a view of Digital Forensic in Window System (윈도우 시스템에서 디지털 포렌식 관점의 메모리 정보 수집 및 분석 방법에 관한 고찰)

  • Lee Seok-Hee;Kim Hyun-Sang;Lim JongIn;Lee SangJin
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.1 / pp.87-96 / 2006
  • In this paper, we examine the general digital evidence collection process according to the RFC3227 document[1] and establish specific steps for memory information collection. In addition, we add a memory dump process to the existing digital evidence collection process, and examine private information by dumping a real user's memory and collecting the pagefile, which is part of the virtual memory system. In particular, we discovered sensitive data, such as passwords and userIDs, in half of the pagefiles. Moreover, we suggest analysis techniques and a computer forensic process for memory information and virtual memory.

On the Availability of Anti-Forensic Tools for Android Smartphones (안드로이드 스마트폰을 위한 앤티-포렌식 도구들의 활용성)

  • Moon, Phil-Joo
    • The Journal of the Korea institute of electronic communication sciences / v.8 no.6 / pp.855-861 / 2013
  • Smartphones are very useful in real life thanks to improved computing power, faster data rates and a variety of applications. On the other hand, smartphone use has been exposed to a lot of crime. There are also attempts to delete data in smartphone memory using anti-forensic tools. In this paper, we investigate and analyze the anti-forensic tools used on Android smartphones to study the characteristics and techniques of anti-forensic tools. In addition, experiments are performed to validate the availability of anti-forensic tools using the Oxygen Forensic Suite, which is a commercial forensic tool.

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal / v.10 no.2 / pp.1-9 / 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide, with millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the Snort signature matches the packet, that same signature must be in memory for some period (possibly microseconds) of time. Finally, we investigate some security issues that you should consider when running a Snort system. Paper coverage includes: how an IDS works, where Snort fits, Snort system requirements, exploring Snort's features, using Snort on your network, Snort and your network architecture, and security considerations with Snort under a digital forensic Windows environment.

A Study on Characteristics and Techniques that Affect Data Integrity for Digital Forensic on Flash Memory-Based Storage Devices (플래시 메모리 기반 저장장치에서 디지털 포렌식을 위한 데이터 무결성에 영향을 주는 특성 및 기술 연구)

  • Hyun-Seob Lee
    • Journal of Internet of Things and Convergence / v.9 no.3 / pp.7-12 / 2023
  • One of the most important characteristics of digital forensics is integrity. Integrity means that the data has not been tampered with. If evidence is collected during digital forensics and later tampered with, it cannot be used as evidence. With analog evidence, it's easy to see if it's been tampered with, for example, by taking a picture of it. However, the data on the storage media, or digital evidence, is invisible, so it is difficult to tell if it has been tampered with. Therefore, hash values are used to prove that the evidence data has not been tampered with during the process of collecting evidence and submitting it to the court. The hash value is collected from the stored data during the evidence collection phase. However, due to the internal behavior of NAND flash memory, the physical data shape may change over time from the acquisition phase. In this paper, we study the characteristics and techniques of flash memory that can cause the physical shape of flash memory to change even if no intentional data corruption is attempted.

A Study of Applicable Strategies on the Open Source Tool in Digital Forensics (디지털 포렌식 관점에서의 오픈소스 도구 적용 방안 연구)

  • Yoon, Su-jin;Kim, Jong-bae;Shin, Yong-tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.05a / pp.271-272 / 2014
  • As E-discovery in criminal investigation is increasing, the importance of forensic tools that can legally extract data with high effectiveness is growing. Digital products are growing fast. Therefore, forensic tools should be implemented readily to suit users and events well. Although the forensic industry and governments use expensive forensic tools, some have suggested limitations to their use, such as memory limitations and the limits of post-audit. We need to develop open source forensic tools that can implement a variety of forensic tools fast. This research studies digital forensics technical skills that are currently commercialized and suggests applicable strategies for open digital forensics to help overcome these limitations.


Implementation of commercial digital Forensic Marking systems (디지털 추적표시(Forensic Marking) 시스템 개발)

  • Kim, Jong-An;Kim, Jin-Han;Kim, Jong-Heum
    • 한국정보통신설비학회:학술대회논문집 / 2007.08a / pp.142-146 / 2007
  • Digital Rights Management (DRM) technology has been widely used for protecting digital contents over recent years. But the digital contents protected by DRM are vulnerable to various video memory capture programs when DRM-packaged contents are decrypted on the consumers' multimedia devices. To make up for this kind of DRM security hole, Forensic Marking (FM) technology is being deployed in the content protection area. Most leading DRM companies as well as big electronics companies like Thomson and Philips already have commercial FM solutions. Forensic Marking technology uses digital watermarking to insert user information, such as user id, content playing time, etc., into the decrypted and decoded content at playback time on the consumer devices. When the content containing watermarked user information (Forensic Mark) is illegally captured and distributed over the Internet, the FM detection system takes out the inserted FM from the illegal contents and informs contents service providers of the illegal hacker's information. In this paper, the requirements and test conditions for commercial Forensic Marking systems are discussed.
