• Title/Summary/Keyword: Mobile forensic


Analysis for Digital Evidences using the Features of Digital Pictures on Mobile Phone (디지털 사진 특성을 이용한 휴대전화 증거 분석 방안)

  • Shin, Weon
    • Journal of Korea Multimedia Society / v.12 no.10 / pp.1450-1456 / 2009
  • With the explosive growth of IT technologies, mobile phones have come to embed a lot of functions, and everyone can use them with ease. But there are various cybercrimes, such as invasions of privacy or thefts of a company's sensitive information, that use the built-in digital camera function of a mobile phone. In this paper, we propose a scheme for analyzing evidence from digital pictures on mobile phones. To that end, we analyze the features of digital pictures on mobile phones and build databases of characteristic patterns based on the vendor and the model of the mobile phone. The proposed scheme will help to acquire digital evidence by supporting a better determination of the vendor and/or the model of the mobile phone used by cybercrime suspects.


A Study on Copyright Violation and Forensic Technique applying Method for Smart Phone (저작권 위반과 포렌식 기법의 Smart Phone 적용 방법 연구)

  • Park, Dea-Woo;Yi, Jeong-Hoon
    • Proceedings of the Korean Society of Computer Information Conference / 2011.06a / pp.149-153 / 2011
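  • In 2010, as smartphones spread in Korea, the smartphone expanded beyond simply carrying voice communication into the e-book, movie, music and content areas in which the existing Internet PC can deliver information. However, smartphone users are illegally using copyrighted multimedia content. In addition, because the digital evidence of smartphone-related crime that is created and stored on the smartphone as a mobile communication terminal is highly usable as evidence, research on mobile forensics is needed. In this paper, we investigate copyright violations on smartphones across the e-book, movie, music and content areas. We study the SYN method and the JTAG method for extracting and analyzing smartphone evidence of copyright violation. Using the smartphone SYN and JTAG methods, we extracted and restored copyright-violating material from smartphones and analyzed it. The results of this study can contribute to improving copyright-enforcement technology and to advancing forensic investigation techniques.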


Determination of Grayanotoxin I and Grayanotoxin III in mad honey from Nepal using liquid chromatography-tandem mass spectrometry

  • Ahn, Su Youn;Kim, Suncheun;Cho, Hwangeui
    • Analytical Science and Technology / v.35 no.2 / pp.82-91 / 2022
  • Grayanotoxin-contaminated honey exhibits toxicity. In this study, a reliable and sensitive liquid-chromatography-tandem-mass-spectrometric method (LC-MS/MS) was developed and validated for the quantitation of grayanotoxin I and grayanotoxin III in honey. The grayanotoxins were extracted from honey via solid phase extraction and separated on a biphenyl column with a mobile phase consisting of 0.5 % acetic acid in water and methanol. Mass spectrometric detection was performed in the multiple-reaction monitoring mode with positive electrospray ionization. The calibration curve covered the range 0.25 to 100 ㎍/g. The intra- and inter-day deviations were less than 10.6 %, and the accuracy was between 94.3 and 114.0 %. The validated method was successfully applied to the determination of grayanotoxins in mad honey from Nepal. The concentrations of grayanotoxin I and grayanotoxin III in 33 out of 60 mad honey samples were 0.75 - 64.86 ㎍/g and 0.25 - 63.99 ㎍/g, respectively. The method established herein would help in preventing and confirming grayanotoxin poisoning.

Simultaneous Determination of Methylphenidate, Amphetamine and their Metabolites in Urine using Direct Injection Liquid Chromatography-Tandem Mass Spectrometry

  • Kwon, Woonyong;Suh, SungIll;In, Moon Kyo;Kim, Jin Young
    • Mass Spectrometry Letters / v.5 no.4 / pp.104-109 / 2014
  • Nonmedical use of prescription stimulants such as methylphenidate (MPH) and amphetamine (AP) by normal persons to improve cognitive functions has increased. Due to the high potential for their abuse, reliable analytical methods were required to detect these prescription stimulants in biological samples. A direct injection liquid chromatography-tandem mass spectrometric (LC-MS/MS) method was developed and implemented for simultaneous determination of MPH, AP and their metabolites ritalinic acid (RA) and 4-hydroxyamphetamine (HAP) in human urine. The urine sample was centrifuged and the upper layer (100 µL) was mixed with 800 µL of distilled water and 100 µL of internal standards (0.2 µg/mL in methanol). The mixture was then directly injected into the LC-MS/MS system. The mobile phase was composed of 0.2% formic acid in distilled water (A) and acetonitrile (B). Chromatographic separation was performed using a Capcell Pak MG-II C18 (150 mm × 2.0 mm i.d., 5 µm, Shiseido) column, and all analytes were eluted within 5 min. Linear least-squares regression with a 1/x weighting factor was used to generate a calibration curve, and the assay was linear from 20 to 1500 ng/mL (HAP), 40-3000 ng/mL (AP and RA) and 2-150 ng/mL (MPH). The intra- and inter-day precisions were within 16.4%. The intra- and inter-day accuracies ranged from -15.6% to 10.8%. The limits of detection for all the analytes were less than 4.7 ng/mL. The suitability of the method was examined by analyzing urine samples from drug abusers.

A study on the Comparison Analysis for Messenger Evidence Using Mobile Forensics (모바일 포렌식을 이용한 메신저 증거 비교 분석 연구)

  • Hwang, Taejin;Won, Dongho;Lee, Youngsook
    • Convergence Security Journal / v.18 no.2 / pp.25-32 / 2018
  • As the use of smartphones becomes more common, communication via instant messenger becomes natural. However, it is important to secure the relevant information promptly, since a chat room between participants can be used as a space for a criminal conspiracy, and crime-related contents can be stored and deleted easily on smartphones. Therefore, this study aims to identify the available data and to use it as proof by comparing and analyzing the instant messengers with a high usage rate.


The Study on Forensic Methodology of Firefox OS (Firefox OS 포렌식 기법에 관한 연구)

  • Kim, Do-Su;Choi, Jong-hyun;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1167-1174 / 2015
  • As the market share of smartphones increases exponentially in the mobile market, a number of manufacturers have developed their own operating systems. Firefox OS is an open source operating system for smartphones and tablets which is being developed by the Mozilla Foundation. This OS is designed using JavaScript and operates based on HTML5. Even though the number of manufacturers which release Firefox OS smartphones is consistently increasing, it is difficult to analyze artifacts in a smartphone in terms of investigation, since existing research on Firefox OS focused on imaging velocity according to the abstract forensic process and block size. In this paper, we propose how to collect data in Firefox OS while minimizing data loss, and a forensic analysis framework based on analysis results on the system and user data left in a smartphone.

Research on Efficient Live Evidence Analysis System Based on User Activity Using Android Logging System (안드로이드 로그 시스템을 이용한 효율적인 사용자 행위기반 라이브 증거수집 및 분석 시스템 연구)

  • Hong, Il-Young;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.1 / pp.67-80 / 2012
  • Recently, as the number of smartphone users is growing rapidly, Android is also getting more interest in digital forensics. However, there has not been enough research so far on digital data acquisition and analysis based on the Android platform's unique characteristics. The Android system stores all the related recent system-wide logs, from the system components to applications, in volatile memory, and therefore the logs can potentially serve as important evidence. In this paper, we propose a digital data acquisition and analysis system for Android which extracts meaningful information based on the correlation of Android logs and user activities from a device at runtime. We also present an efficient search scheme to facilitate real-time analysis on site. Finally, we demonstrate how the proposed system can be used to reconstruct the sequence of user activities in a more intuitive manner, and show that the proposed search scheme can make overall search and analysis time approximately 10 times shorter than the normal regular search method.

Study on Improved Decryption Method of WeChat Messenger and Deleted Message Recovery Using SQLite Full Text Search Data (WeChat 메신저의 향상된 복호화 방안과 SQLite Full Text Search 데이터를 이용한 삭제된 메시지 복구에 관한 연구)

  • Hur, Uk;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.405-415 / 2020
  • With the increase in smartphone users, mobile forensics has become an essential element in modern digital forensic investigation. Mobile messenger data is very important in mobile forensics because it can yield information such as a user's life pattern and mental state. In order to analyze messenger data, a technique for decrypting encrypted messenger data is required. Since most messengers provide a message deletion function, a technique for recovering deleted messages is also required. WeChat Messenger, a messenger used by about 1 billion people around the world, uses IMEI (International Mobile Equipment Identity) information to encrypt data and provides a message deletion function. In this paper, we propose a data decryption method for use in the absence of IMEI information, and a method for recovering deleted messages using the FTS (Full Text Search) database created for the full-text search function of the SQLite database.

Signal and Telegram Security Messenger Digital Forensic Analysis study in Android Environment (안드로이드 환경에서 Signal과 Telegram 보안 메신저 디지털 포렌식분석 연구)

  • Jae-Min Kwon;Won-Hyung Park;Youn-sung Choi
    • Convergence Security Journal / v.23 no.3 / pp.13-20 / 2023
  • This study conducted a digital forensic analysis of Signal and Telegram, two secure messengers widely used in the Android environment. As mobile messengers currently play an important role in daily life, data management and security within these apps have become very important issues. Signal and Telegram, among others, are secure messengers that are highly reliable among users, and they safely protect users' personal information based on encryption technology. However, much research is still needed on how to analyze these encrypted data. In order to solve these problems, in this study, an in-depth analysis was conducted on the message encryption of Signal and Telegram and the database structure and encryption method in Android devices. In the case of Signal, we were able to successfully decrypt encrypted messages that are difficult to access from the outside due to complex algorithms and confirm the contents. In addition, the database structure of the two messenger apps was analyzed in detail and the information was organized into a folder structure and file format that could be used at any time. It is expected that more accurate and detailed digital forensic analysis will be possible in the future by applying more advanced technology and methodology based on the analyzed information. It is expected that this research will help increase understanding of secure messengers such as Signal and Telegram, which will open up possibilities for use in various aspects such as personal information protection and crime prevention.

Development of Standard Module for Collecting Digital Evidence of Mobile Forensic (모바일 포렌식의 디지털 증거 획득을 위한 표준 모듈 개발)

  • Jang, Sung-Gyun;Joe, In-Whee
    • Proceedings of the IEEK Conference / 2008.06a / pp.229-230 / 2008
  • Recently, our lives have become more convenient and our work more efficient as a result of cell phones. On the other hand, they have also caused diverse side effects, including threats of blackmail with invasion of privacy, disclosure of personal information, as well as security breaches, and an overall increase in distrust between people. Recognizing the need to quickly collect digital evidence as cell phone crimes increase, this paper proposes to develop such a standard module.
