• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1442-1445
• /
• 2009

기존의 디지털 포렌식 기술은 하드 디스크 등에서 증거 자료를 수집하는 기술을 연구해 왔다. 하지만 최근 루트킷 등 악성 프로그램의 은닉 기술 발달로 디스크 악성 프로그램의 흔적이 남지 않게 되었고, 디스크 용량의 기하급수적인 증가로 필요한 증거 자료를 찾기 위해 디스크를 탐색하는 시간이 증가하였다. 메모리 포렌식 기술은 기존의 디지털 포렌식의 단점을 보완하는 새로운 연구분야로, 동작 중인 시스템에서 메모리 내부의 정보를 수집하고 분석하는 데 초점을 맞추고 있다. 본 논문에서는 메모리 포렌식 기법으로 수집할 수 있는 자료인 파일 정보를 동작 중인 메모리에서 수집하고 분석하는 방법에 대해 알아본다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.491-498
• /
• 2016

Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1345-1354
• /
• 2012

The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.37-47
• /
• 2023

The growth of the metaverse has been accelerated by the increased demand for non-face-to-face interactions due to COVID-19 and advancements in technologies such as blockchain and NFTs. However, with the emergence of various metaverse platforms and the corresponding rise in users, criminal cases such as ransomware attacks, copyright infringements, and sexual offenses have occurred within the metaverse. Consequently, the need for artifacts that can be utilized as digital evidence within metaverse systems has increased. However, there is a lack of information about artifacts that can be used as digital evidence. Furthermore, metaverse security evaluation and forensic analysis are also insufficient, and the absence of attack scenarios and related guidelines makes forensics challenging. To address these issues, this paper presents artifacts that can be used for user behavior analysis and timeline analysis through dynamic analysis of Roblox, a representative metaverse gaming solution. Based on analyzing interrelationship between identified artifacts through memory forensics and log file analysis, this paper suggests the potential usability of artifacts in metaverse crime scenarios. Moreover, it proposes improvements by analyzing the current legal and regulatory aspects to address institutional deficiencies.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.06a
• /
• pp.214-217
• /
• 2022

In the maritime digital forensic part, it is very important and difficult process that analysis of data and information with vessel navigation system's binary log data for situation awareness of maritime accident. In recent years, analysis of vessel's navigation system's trajectory information is an essential element of maritime accident investigation. So, we made an experiment about corruption with various memory device in navigation system. The analysis of corruption test in seawater give us important information about the valid pulling time of sunken ship for acquirement useful trajectory information.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.45-55
• /
• 2023

With the widespread use of digital devices, anonymous communication technologies such as the dark web and deep web are becoming increasingly popular for criminal activity. Because these technologies leave little local data on the device, they are difficult to track using conventional crime investigation techniques. The United States and the United Kingdom have enacted laws and developed systems to address this issue, but South Korea has not yet taken any significant steps. This paper proposes a new blockchain-based crime investigation method that uses physical memory data analysis to track the behavior of anonymous network users. The proposed method minimizes infringement of basic rights by only collecting physical memory data from the device of the suspected user and storing the tracking information on a blockchain, which is tamper-proof and transparent. The paper evaluates the effectiveness of the proposed method using a simulation environment and finds that it can track the behavior of dark website users with a residual rate of 77.2%.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.103-106
• /
• 2008

물리 메모리 영역에는 증거로 활용될 수 있는 프로세스 정보와 이름, ID, 비밀 번호, 전자 메일 주소 등의 정보를 담고 있다. 또 용의자가 행위를 감추기 위해 안티 포렌식 기법을 사용하여 저장매체 상에서 완전 삭제한 파일의 잔여 데이터를 취득할 수 있는 가능성이 있다. 하드 디스크와 같은 저장 매체의 경우 증거 수집 절차시 Hash와 같은 무결성 보장 과정을 거쳐 복사본의 유효성 확인이 가능하지만 물리 메모리 영역의 경우 운용 중인 시스템에서 발생하는 운영체제와 응용 프로그램의 동작에 의한 지속적인 데이터의 변화로 무결성 및 동일한 대상에서 수집되었다는 것을 확인하기 어렵고 소프트웨어 기반의 수집은 시스템의 상태를 변화 시킨다. 본 논문에서는 물리 메모리 영역 수집 기법을 알아보고 IEEE1394의 특성을 이용한 하드웨어 기반 물리 메모리 영역 수집 도구를 구현하였다. 또 수집된 물리 메모리 덤프를 이용하여 물리 메모리에서 얻을 수 있는 정보를 확인하고 동일 대상의 메모리와 다른 대상의 메모리를 비교하여 그 차이를 확인한다.

• The Journal of the Acoustical Society of Korea
• /
• v.36 no.2
• /
• pp.136-143
• /
• 2017

In this paper, we propose a method for restoring damaged audio files using deep neural network. It is different from the conventional file carving based restoration. The purpose of our method is to infer lost information which can not be restored by existing techniques such as the file carving. We have devised methods that can automate the tasks which are essential for the restoring but are inappropriate for humans. As a result of this study it has been shown that it is possible to restore the damaged files, which the conventional file carving method could not, by using tasks such as speech or nonspeech decision and speech encoder recognizer using a deep neural network.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.12
• /
• pp.133-141
• /
• 2014

An efficient method for reducing power consumption in pipelined deep packet inspection systems is proposed. It is based on the observation that the number of memory accesses is dominant for the power consumption and the number of accesses drops drastically as the input goes through stages of the pipelined AC-DFA. A DPI system is implemented where the operating frequency of the stages that are not frequently used in the pipeline is reduced to eliminate the waste of power consumption. The power consumption of the proposed DPI system is measured upon various input character set and up to 25% of reduction of total power consumption is obtained, compared to those of the recent DPI systems. The method can be easily applied to other pipelined architecture and string searching applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.369-378
• /
• 2020

Due to the widespread use of mobile devices, smartphone penetration and usage rate continue to increase and there is also an increasing amount of data that need to be stored and managed in applications. Therefore, recent applications use mobile databases to store and manage user data. Realm database, developed in 2014, is attracting more attention from developers because of advantages of continuous updating, high speed, low memory usage, simplicity and readability of the code. It also supports an encryption to provide confidentiality and integrity of personal information stored in the database. However, since the encryption can be used as an anti-forensic technique, it is necessary to analyze the encryption and decryption processes provided by Realm Database. In this paper, we analyze the structure of Realm Database and its encryption and decryption process in detail, and analyze an application that supports an encryption to propose the use cases of the Realm Database.