• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.760-773
• /
• 2020

When a crime occurs, the information necessary for solving the case, and various pieces of the evidence needed to prove the crime are collected from the crime scene. The tangible residues collected through scientific methods at the crime scene become evidence at trial and a clue to prove the facts directly against the offense of the suspect. Therefore, the scientific investigation and forensic handling for securing objective forensic in crime investigation is increasingly important. Today, digital systems, such as smartphones, CCTVs, black boxes, etc. are increasingly used as criminal information investigation clues, and digital forensic is becoming a decisive factor in investigation and trial. However, the systems have the risk that digital forensic may be damaged or manipulated by malicious insiders in the existing centralized management systems based on client/server structure. In this paper, we design and implement a blockchain based digital forensic management model using Hyperledger Fabric and Docker to guarantee the reliability and integrity of digital forensic. The proposed digital evidence management model allows only authorized participants in a distributed environment without a central management agency access the network to share and manage potential crime data. Therefore, it could be relatively safe from malicious internal attackers compared to the existing client/server model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.9
• /
• pp.3751-3770
• /
• 2015

Many sorts of image processing software facilitate image editing and also generate a great number of doctored images. Forensic technology emerges to detect the unintentional or malicious image operations. Most of forensic methods focus on the detection of single operations. However, a series of operations may be used to sequentially manipulate an image, which makes the operation detection problem complex. Forensic investigators always want to know as much exhaustive information about a suspicious image's entire processing history as possible. The detection of the operation chain, consisting of a series of operations, is a significant and challenging problem in the research field of forensics. In this paper, based on the histogram distribution uniformity of a manipulated image, we propose an operation chain detection scheme to identify histogram equalization (HE) followed by the dither-like operation (DLO). Two histogram features and a local spatial feature are utilized to further determine which DLO may have been applied. Both theoretical analysis and experimental results verify the effectiveness of our proposed scheme for both global and local scenarios.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.525-533
• /
• 2015

MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.7
• /
• pp.1495-1504
• /
• 2014

Currently information related service such as internet banking, chatting, social network services are quite well smeared into our daily life. Moreover, a rapid growth of service using smart devices brought an importance of security in internet services and a research activation of digital forensic in a crime investigation. This paper presented a previous digital forensic research trend and based on this, suggested a technology-strategy integrated digital forensic process platform, taking a mid-long term government leading ICT R&D strategy and ICT paradigm shift into account.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.5
• /
• pp.117-126
• /
• 2016

Recently, increasing utilization of Big Data or Social Network Service involves the increases in demand for NoSQL Database that overcomes the limitations of existing relational database. A forensic examination of Relational Database has steadily researched in terms of Digital Forensics. In contrast, the forensic examination of NoSQL Database is rarely studied. In this paper, We introduce Redis (which is) based on Key-Value Store NoSQL Database, and research the collection and analysis of forensic artifacts then propose recovery method of deleted data. Also we developed a recovery tool, it will be verified our recovery algorithm.

• Journal of Information Science Theory and Practice
• /
• v.12 no.1
• /
• pp.39-59
• /
• 2024

An online social network is a platform that is continuously expanding, which enables groups of people to share their views and communicate with one another using the Internet. The social relations among members of the public are significantly improved because of this gesture. Despite these advantages and opportunities, criminals are continuing to broaden their attempts to exploit people by making use of techniques and approaches designed to undermine and exploit their victims for criminal activities. The field of digital forensics, on the other hand, has made significant progress in reducing the impact of this risk. Even though most of these digital forensic investigation techniques are carried out manually, most of these methods are not usually appropriate for use with online social networks due to their complexity, growth in data volumes, and technical issues that are present in these environments. In both civil and criminal cases, including sexual harassment, intellectual property theft, cyberstalking, online terrorism, and cyberbullying, forensic investigations on social media platforms have become more crucial. This study explores the use of machine learning techniques for addressing criminal incidents on social media platforms, particularly during forensic investigations. In addition, it outlines some of the difficulties encountered by forensic investigators while investigating crimes on social networking sites.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.777-785
• /
• 2016

IM(Instant Messenger) chatting service can carry user's various information including life style, geographical position, and psychology & crime history and thus forensic analysis on the IM service is desirable. But, forensic analysis for KakaoTalk's chatting service is not well studied yet. For this reason, we study KakaoTalk's forensic analysis focusing on chatting service. This paper first details a general method of IM forensics investigating the previous articles about IM forensics although there are not many articles. Second, we discuss methodologies for IM forensics wherein we present analysis of table structure and method for reconstruction of chatting message. These result in the basic element of forensic tools of KakaoTalk chatting message. Last, we compare artifacts of KakaoTalk with that of WhatsApp. We conclude that these applications are, at least, different in that table structures and the ways to reconstruct chatting messages are not same and therefore digital evidences or artifacts are not same and somewhat distinct.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.32 no.2
• /
• pp.76-84
• /
• 2009

Since too much information has been generated, it became very difficult to find out valuable and necessary information. In order to deal with the problem of information overload, the taxonomy for information visualization techniques has been based upon visualized shapes such as tree map, fisheye view and parallel coordinates, so that it was difficult to choose the right representation technique by data characteristics. Therefore, this study was designed to introduce a new taxonomy for the information visualization by data characteristics which defined by space (3D vs. multi-dimensions), time (continuous vs. discrete), and relations of data (qualitative vs. quantitative). To verify the new taxonomy, forensic data which were generated to investigate the culprit of network security was used. The result showed that the new taxonomy was found to be very efficient and effective to choose the right visualized shape for forensic data for network security. In conclusion, the new taxonomy was proven to be very helpful to choose the right information visualization technique by data characteristics.

• The KIPS Transactions:PartC
• /
• v.18C no.4
• /
• pp.217-226
• /
• 2011

As a diverse range of smartphones has been recently developed and diffused, the users of SNS (Social Network Service) also have been sharply increased. The SNS saves a variety of information such as exchanged pictures and videos, voice mails or location sharing, chat history, etc. as well as simple user data, so that the acquisition of data that are useful in the aspect of digital forensic is achievable. This thesis reviews the types of SNS that are available for the iPhone, a recent example of highly used smartphones, and types of data by each client. Also, efficient data analysis method for digital forensic investigations is suggested by analyzing the relationships within the collected data by each client.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.149-162
• /
• 2004

Until now the study of computer forensics has been focused only system forensics which carried on keeping, processing and collecting the remained evidence on computer. Recently the trend of forensic study is proceeding about the network forensics which analyze the collected information in entire networks instead of analyzing the evidence on a victim computer. In particular network forensics is more important in Automated Computer Emergency Response System because the system deals with the intrusion evidence of entire networks. In this paper we defined the information of network forensics that have to be collected in Automated Computer Emergency Response System and verified the defined information by comparing with the collected information in experimental environments.