• Title/Summary/Keyword: Mobile forensic

A Study on the Risks of Technology Leakage Using Smartwatch and Its Countermeasures Focusing on Galaxy Watch (갤럭시 워치를 중심으로 본 스마트워치 활용 기술유출의 위험성 및 대응방안에 대한 연구)

  • Seungjae Jeon;Jaehyun Chung;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.893-906 / 2023
  • Awareness that smartphones can be used as tools for criminal activity is prevalent in many organizations, but the potential of the functionally smartphone-like smartwatch as a criminal tool is being overlooked. Considering this situation, this research verifies the possibility of information leakage through an insider's smartwatch in a situation where smartphones are controlled by security regulations and technologies, but smartwatches are not. By analyzing information related to application usage and Wi-Fi connections generated in the smartwatch during the verification process, forensic information and limitations are identified. Finally, this research proposes preventive methods to prepare for potential smartwatch-related crimes, and reconsiders awareness of the possibility of using smartwatches as criminal tools.

Determination of methamphetamine, 4-hydroxymethamphetamine, amphetamine and 4-hydroxyamphetamine in urine using dilute-and-shoot liquid chromatography-tandem mass spectrometry (시료 희석 주입 LC-MS/MS를 이용한 소변 중 메스암페타민, 4-하이드록시메스암페타민, 암페타민 및 4-하이드록시암페타민 동시 분석)

  • Heo, Bo-Reum;Kwon, NamHee;Kim, Jin Young
    • Analytical Science and Technology / v.31 no.4 / pp.161-170 / 2018
  • The epidemic of disorders associated with synthetic stimulants, such as methamphetamine (MA) and amphetamine (AP), is a health, social, legal, and financial problem. Owing to their high potential for abuse and addiction, reliable analytical methods are required to detect and identify MA, AP, and their metabolites in biological samples. Thus, a dilute-and-shoot liquid chromatography-tandem mass spectrometry (LC-MS/MS) method was developed for simultaneous determination of MA, 4-hydroxymethamphetamine (4HMA), AP, and 4-hydroxyamphetamine (4HA) in urine. A urine sample (100 µL) was mixed with 50 µL of mobile phase consisting of 0.4 % formic acid and methanol and 50 µL of working internal-standard solution. Aliquots (8 µL) of diluted urine were injected into the LC-MS/MS system. For all analytes, chromatographic separation was performed using a C18 reversed-phase column with gradient elution and a total run time of 5 min. The identification and quantification were performed by multiple reaction monitoring (MRM). Linear least-squares regression was conducted to generate a calibration curve, with $1/x^2$ as the weighting factor. The linear ranges were 2.0-200, 1.0-800, and 10-2500 ng/mL for 4HA and 4HMA, AP, and MA, respectively. The inter- and intraday precisions were within 6.6 %, whereas the inter- and intraday accuracies ranged from -14.9 to 11.3 %. The low limits of quantification were 2.0 ng/mL (4HA and 4HMA), 1.0 ng/mL (AP), and 10 ng/mL (MA). The proposed method exhibited satisfactory selectivity, dilution integrity, matrix effect, and stability, which are required for validation. Moreover, the purification efficiency of high-speed centrifugation was clearly higher than 6-15 % for QC samples (n=5), which was higher than that of the membrane-filtration method. The applicability of the proposed method was tested by forensic analysis of urine samples from drug abusers.

Design and Implementation of Analysis Techniques for Fragmented Pages in the Flash Memory Image of Smartphones (스마트폰 플래시 메모리 이미지 내의 단편화된 페이지 분석 기법 및 구현)

  • Park, Jung-Heum;Chung, Hyun-Ji;Lee, Sang-Jin;Son, Young-Dong
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.827-839 / 2012
  • A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners has been increasing dramatically. Unlike on a feature phone, users can utilize various mobile applications on a smartphone because it has a high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphones have become more important for digital forensic purposes, smartphone forensics has been studied actively. There are two ways to do smartphone forensics. The first way is to extract the user's data using the backup and debugging functions of smartphones. The second way is to get root permission and acquire the image of the flash memory. Then it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, or HFS+, and analyze it. However, these methods are not suitable for recovering and analyzing deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. In particular, this paper demonstrates analysis techniques for images whose filesystem cannot be reconstructed because the spare area of the flash memory pages does not exist, and for pages in the unallocated area of the filesystem.

A Study on the Chain of Custody for Securing the Faultlessness of Forensic Data (포렌식 자료의 무결성 확보를 위한 수사현장의 연계관리 방법 연구)

  • Lee, Gyu-an;Shin, young-Tae;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.11 no.6 s.44 / pp.175-184 / 2006
  • Computer Forensics functions by defending the effects and extracting the evidence of the side effects for production at the court. If the faultlessness of the digital evidence has been compromised during the investigation, critical evidence may be denied or not even be presented at the trial. The presented monograph will deliberate the faultlessness-establishing chain procedures in disk forensics, system forensics, network forensics, mobile forensics and database forensics. Once the faultlessness is established by the methods proposed, the products of investigation will be adopted as leading evidence. Moreover, the issues and alternatives in the reality of digital investigation are presented along with actual computer forensics cases, hopefully contributing to the advances in computer digital forensics and the field research of information security.

Simultaneous Determination of Asperosaponins and Iridoid Glycosides from Dipsaci Radix by Using LC-ESI-MS Spectrometry (속단(Dipsaci Radix) 중 Asperosaponins 및 Iridoid glycosides의 LC-ESI-MS에 의한 동시분석)

  • Cho, Hwang-Eui;Son, In-Seop;Kim, Sun-Cheun;Son, Kun-Ho;Woo, Mi-Hee;Moon, Dong-Cheul
    • Korean Journal of Pharmacognosy / v.43 no.2 / pp.137-146 / 2012
  • Dipsaci Radix (Dipsacaceae) has been used as a tonic, analgesic, anti-inflammatory and anti-complement agent in traditional herbal medicine for the therapy of low back pain, knee pain, rheumatic arthritis, traumatic hematoma, and bone fractures. A high-performance liquid chromatography-electrospray ionization-mass spectrometric method (HPLC-ESI-MS) was developed for the simultaneous quantitation of five compounds from the herbal drug: asperosaponin VI and asperosaponin XII (terpene glycosides), and sweroside, loganin and dipsacus A (iridoid glycosides). HPLC separation of the analytes was achieved on a C18 column (150 × 2.0 mm i.d., 5 µm) using aqueous methanol containing 5 mM ammonium acetate with gradient flow of the mobile phase. Detection of the analytes was performed by positive ion electrospray ionization, and selected ion monitoring was used for data acquisition using the m/z of the corresponding molecular adduct ions, $[M+NH_4]^+$ and $[M+H]^+$. Calibration graphs showed good linearity ($r^2 = 0.9997$) over the wide range of the analytes; intra- and inter-day precisions (RSD, %) were within 9.1% and the accuracy was between 94.0-111.0%. Recoveries of the analytes through the assay procedure were in the range of 93.7-110.8%. Analytical results for the herbal drugs of Dipsaci Radix (17 samples) show a wide distribution of the five marker compounds and a clear difference of the species from Phlomidis Radix (4 samples). The developed method would provide a practical guide for the quality control of the herbal drug.

Simultaneous Quantitative Determination of Nine Hallucinogenic NBOMe Derivatives in Human Plasma Using Liquid Chromatography Tandem Mass Spectrometry

  • Seo, Hyewon;Yoo, Hye Hyun;Kim, Young-Hoon;Hong, Jin;Sheen, Yhun Yhong
    • Mass Spectrometry Letters / v.10 no.1 / pp.18-26 / 2019
  • We developed a bioanalytical method for simultaneous determination of nine NBOMe derivatives (25H-NBOMe, 25B-NBOMe, 25E-NBOMe, 25N-NBOMe, 25C-NBOH, 25I-NBOH, 25B-NBF, 25C-NBF, and 25I-NBF) in human plasma using liquid chromatography tandem mass spectrometry (LC-MS/MS). Human plasma samples were pre-treated using solid-phase extraction. Separation was achieved on a C18 column under gradient elution using a mobile phase containing 0.1% formic acid in acetonitrile and 0.1% formic acid in water at a flow rate of 0.3 mL/min. Mass detection was performed in the positive ion mode using multiple reaction monitoring. The calibration range was 1-100 ng/mL for all quantitative analytes, with a correlation coefficient greater than 0.99. The intra- and inter-day precision and accuracy varied from 0.85 to 6.92% and from 90.19 to 108.69%, respectively. The recovery ranged from 86.36 to 118.52%, and the matrix effects ranged from 27.09 to 99.72%. The stability was acceptable in various conditions. The LC-MS/MS method was validated for linearity, accuracy, precision, matrix effects, recovery and stability in accordance with the FDA guidance. The proposed method is suitable for reliable and robust routine screening and analysis of nine NBOMe derivatives in the forensic field.

Vulnerability analysis for privacy security Android apps (개인정보보호 안드로이드 앱에 대한 취약점 분석)

  • Lee, Jung-Woo;Hong, Pyo-Gil;Kim, Dohyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.184-186 / 2022
  • Recently, as interest in personal information protection has increased, various apps for personal information protection have emerged. These apps protect data in various formats, such as photos, videos, and documents containing personal information, using encryption and hide functions. These apps can have a positive effect on personal information protection, but in digital forensics they act as anti-forensic tools because they can make data difficult to analyze during the investigation process. This paper finds out the PIN, an access control function, through reverse engineering of Calculator - photo vault, one of the personal information protection apps, as well as files such as photos and documents to which encryption and hiding were applied. In addition, the vulnerability of this app was analyzed by researching decryption of the database files where logs for encrypted and hidden files are stored.

Multi-Behavior Analysis Based on Google Archiving Data (구글 아카이빙 데이터 기반 멀티 행위 분석)

  • Yeeun Kim;Sara Hong;Seongmin Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.737-751 / 2023
  • The importance of digital forensics in the cloud environment is increasing as businesses and individuals move their data from on-premise environments to the cloud. Cloud data can be stored on various devices, including mobile devices and desktops, and encompasses a variety of user behavior artifacts, such as information generated from linked accounts and cloud services. However, there are limitations in securing and analyzing digital evidence due to environmental constraints of the cloud, such as distributed storage of data and lack of artifact linkage. One solution to address this is archiving services, and Google's Takeout is a prime example. In this paper, user behavior data is analyzed for cloud forensics based on archiving data, and necessary items are selected from an investigation perspective. Additionally, we propose a process of analyzing selectively collected data based on time information and utilizing web-based visualization to meaningfully assess artifact associations and multi-behaviors. Through this, we aim to demonstrate the value of utilizing archiving data in response to the increasing significance of evidence collection for cloud data.

Hiker Mobility Model and Mountain Distress Simulator for Location Estimation of Mountain Distress Victim (산악 조난자의 위치추정을 위한 이동성 모델 및 조난 시뮬레이터)

  • Kim, Hansol;Cho, Yongkyu;Jo, Changhyuk
    • Journal of the Korea Society for Simulation / v.31 no.3 / pp.55-61 / 2022
  • Currently, police and fire departments use a Network/Wi-Fi/GPS-based emergency location positioning system established by mobile carriers to link directly with the device of the person requesting rescue and accurately position the expected location in the call area. However, in the case of mountain rescue, it is difficult to rescue the victim within the golden time because the search area cannot be limited when the victim is located in a radio shadow area of the mountain or the device is powered off, and the situation becomes worse if the victim fails to report to 911 by himself due to injury. In this paper, we expect to solve this problem by proposing a mobile telecommunication forensic simulator consisting of a time series of cell information, a human mobility model that includes some general and specific features (age, gender, behavioral characteristics of the victim, etc.), and an intelligent inference system. The results of the analysis appear as a heatmap of polygons on the map, based on the probability of the expected location of the victim. With this technology, we expect to contribute to rapid and accurate lifesaving by reducing the search area of the rescue team.

An Illegally-copied App Detecting Method by Using Odex File in Android Platform (안드로이드 플랫폼에서 odex 파일을 이용한 불법 복제 앱 탐지 방법)

  • Cho, Dueckyoun;Choi, Jaeyoung;Kim, Eunhoe;Gang, Gi-Du
    • Journal of Internet Computing and Services / v.16 no.2 / pp.67-75 / 2015
  • With the changes in mobile environments, the usage of and interest in Android apps have increased. But the usage of illegally-copied apps has also increased, and the transparency and dependability of the app markets have decreased. Therefore, there are many cases of copyright infringement against app developers. Although several methods for preventing illegally-copied apps have been studied, there may exist possible ways to bypass these methods. Since it is difficult to find out the first distributors of the illegally-copied apps, it is not easy to punish them legally. This paper proposes a method of detecting illegally-copied apps. The proposed detector can detect illegally-copied apps using the odex file, which is created when the app is installed. The detector can also find out information about the first distributors based on a forensic watermark technique. Since the illegally-copied app detector runs as a service on the system server, the detector is hidden from the users. In the experiment results, the illegally-copied app detector takes on average within 0.2 seconds to detect and delete an illegally-copied app.