• Title/Summary/Keyword: Network forensic


A Study on the Methods of Building Tools and Equipment for Digital Forensics Laboratory (디지털증거분석실의 도구·장비 구축 방안에 관한 연구)

  • Su-Min Shin;Hyeon-Min Park;Gi-Bum Kim
    • Convergence Security Journal / v.22 no.5 / pp.21-35 / 2022
  • The use of digital information, driven by the development of information and communication technology and the 4th industrial revolution, is continuously increasing and diversifying, and crimes using digital information are increasing in proportion. However, there are few cases in Korea of establishing an environment for the processing and analysis of digital evidence. The budget allocated to each organization differs, and a digital forensics laboratory built without solving the chronic problem of securing space suffers from the lack of a standard that can be referenced from the initial configuration stage. Based on this awareness of the problem, this thesis conducted an exploratory study focusing on the tools and equipment necessary for building a digital forensics laboratory. As the research method, focus group interviews were conducted with 15 experts with extensive practical experience in digital forensic laboratories or the digital forensics field, and the experts' opinions were collected on the following 9 areas: network configuration, analyst computers, personal tools·equipment, imaging devices, dedicated software, open source software, common tools/equipment, accessories, and other considerations. As a result, a list of tools and equipment for digital forensic laboratories was derived.

Multidimensional data generation of water distribution systems using adversarially trained autoencoder (적대적 학습 기반 오토인코더(ATAE)를 이용한 다차원 상수도관망 데이터 생성)

  • Kim, Sehyeong;Jun, Sanghoon;Jung, Donghwi
    • Journal of Korea Water Resources Association / v.56 no.7 / pp.439-449 / 2023
  • Recent advancements in data measuring technology have facilitated the installation of various sensors, such as pressure meters and flow meters, to effectively assess the real-time conditions of water distribution systems (WDSs). However, as cities expand extensively, the factors that impact the reliability of measurements have become increasingly diverse. In particular, demand data, one of the most significant hydraulic variables in a WDS, is challenging to measure directly and is prone to missing values, making the development of accurate data generation models more important. Therefore, this paper proposes an adversarially trained autoencoder (ATAE) model based on generative deep learning techniques to accurately estimate demand data in WDSs. The proposed model utilizes two neural networks: a generative network and a discriminative network. The generative network generates demand data using the information provided by the measured pressure data, while the discriminative network evaluates the generated demand outputs and provides feedback to the generator so that it learns the distinctive features of the data. To validate its performance, the ATAE model is applied to a real distribution system in Austin, Texas, USA. The study analyzes the impact of data uncertainty by calculating the accuracy of ATAE's prediction results for varying levels of uncertainty in the demand and pressure time series data. Additionally, the model's performance is evaluated by comparing the results for different data collection periods (low, average, and high demand hours) to assess its ability to generate demand data according to water consumption levels.

Usefulness of Data Mining in Criminal Investigation (데이터 마이닝의 범죄수사 적용 가능성)

  • Kim, Joon-Woo;Sohn, Joong-Kweon;Lee, Sang-Han
    • Journal of forensic and investigative science / v.1 no.2 / pp.5-19 / 2006
  • Data mining is an information extraction activity to discover hidden facts contained in databases. Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results. Typical applications include market segmentation, customer profiling, fraud detection, evaluation of retail promotions, and credit risk analysis. Law enforcement agencies deal with mass data to investigate crime, and its amount is increasing due to the development of computer-based data processing. We now face the new challenge of discovering knowledge in that data. It can be applied in criminal investigation to find offenders by analysis of complex and relational data structures and free texts, using their criminal records or statement texts. This study aimed to evaluate the possible application of data mining and its limitations in practical criminal investigation. Clustering of criminal cases will be possible in habitual crimes such as fraud and burglary when data mining is used to identify the crime pattern. Neural network modelling, one of the tools in data mining, can be applied to differentiating a suspect's photograph or handwriting from that of a convict, or to criminal profiling. A case study of practical insurance fraud showed that data mining was useful against organized crimes such as gangs, terrorism and money laundering. But the products of data mining in criminal investigation should be evaluated cautiously, because data mining offers only a clue rather than a conclusion. Legal regulation is needed to control abuse by law enforcement agencies and to protect personal privacy and human rights.

A Study on the Chain of Custody for Securing the Faultlessness of Forensic Data (포렌식 자료의 무결성 확보를 위한 수사현장의 연계관리 방법 연구)

  • Lee, Gyu-an;Shin, Young-Tae;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.11 no.6 s.44 / pp.175-184 / 2006
  • Computer forensics functions by defending against the effects of an incident and extracting evidence of those effects for production in court. If the faultlessness of the digital evidence has been compromised during the investigation, critical evidence may be denied or not even presented at trial. The presented monograph deliberates the faultlessness-establishing chain procedures in disk forensics, system forensics, network forensics, mobile forensics and database forensics. Once faultlessness is established by the methods proposed, the products of the investigation will be adopted as leading evidence. Moreover, the issues and alternatives in the reality of digital investigation are presented along with actual computer forensics cases, hopefully contributing to advances in computer digital forensics and the field research of information security.

A Study on analysis tools in the SWF file URL (SWF 파일의 URL정보 분석도구)

  • Jang, Dong-Hwan;Song, Yu-Jin;Lee, Jae-Yong
    • Journal of Korea Society of Industrial Information Systems / v.15 no.5 / pp.105-111 / 2010
  • SWF (Shockwave Flash) is a vector graphics file format produced by Adobe. It is widely used for a variety of content such as website advertising, widgets, games, education, and videos, and it contains various types of data such as sound sources, scripts, APIs and images. Many SWF files contain URL information in their ActionScript for network communication, and this can be used as important research data, alongside PC users' web browser history, in a forensic investigation. A decompiler for analyzing SWF files exists, by which SWF files can be analysed and URL information verified. However, it takes a long time to verify the URL information in the ActionScript of multiple SWF files with the decompiler. In this paper, the analysis of URL information in ActionScript and the extraction of URL information from multiple SWF files are studied by designing analysis tools for URL information in SWF files.

State-of-the-Art in Cyber Situational Awareness: A Comprehensive Review and Analysis

  • Kookjin Kim;Jaepil Youn;Hansung Kim;Dongil Shin;Dongkyoo Shin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.5 / pp.1273-1300 / 2024
  • In the complex virtual environment of cyberspace, comprised of digital and communication networks, ensuring the security of information is recognized as an ongoing challenge. In response, the importance of 'Cyber Situation Awareness (CSA)' is being emphasized. CSA is understood as a vital capability to identify, understand, and respond to various cyber threats, and is positioned at the heart of cyber security strategies from a defensive perspective. Critical industries such as finance, healthcare, manufacturing, telecommunications, transportation, and energy can suffer not just economic and societal losses from cyber threats but, in severe cases, national losses. Consequently, the importance of CSA is being accentuated and research activities are being vigorously undertaken. Against this backdrop, a systematic five-step approach to CSA is introduced, and a deep analysis of research trends, techniques, challenges, and future directions since 2019 is provided. The approach encompasses current situation and identification awareness, the impact of attacks and vulnerability assessment, the evolution of situations and tracking of actor behaviors, root cause and forensic analysis, and future scenarios and threat predictions. Through this survey, readers will deepen their understanding of the fundamental importance and practical applications of CSA, and their insight into research and applications in this field will be enhanced. This survey is expected to serve as a useful guide and reference for researchers and experts particularly interested in CSA research and applications.

Digital Video Source Identification Using Sensor Pattern Noise with Morphology Filtering (모폴로지 필터링 기반 센서 패턴 노이즈를 이용한 디지털 동영상 획득 장치 판별 기술)

  • Lee, Sang-Hyeong;Kim, Dong-Hyun;Oh, Tae-Woo;Kim, Ki-Bom;Lee, Hae-Yeoun
    • KIPS Transactions on Software and Data Engineering / v.6 no.1 / pp.15-22 / 2017
  • With the advance of Internet technology, various social network services have been created and are used by users. In particular, the use of smart devices means that multimedia content can be used and distributed on social network services. However, since crime by users with illegal purposes is also increasing, there is a need to protect content and block its illegal use through multimedia forensics. In this paper, we propose a multimedia forensic technique that identifies the video source. First, a scheme to acquire the sensor pattern noise (SPN) using morphology filtering is presented; the SPN arises from imperfections in the photon detector. Using this scheme, the SPN of reference videos from the reference device is estimated, as is the SPN of an unknown video. Then, the similarity between the two SPNs is measured to identify whether the unknown video was acquired with the reference device. For the performance analysis of the proposed technique, 30 devices including DSLR cameras, compact cameras, camcorders, action cams and smart phones are tested and quantitatively analyzed. Based on the results, the proposed technique achieves 96% accuracy in identification.

Study of Snort Intrusion Detection Rules for Recognition of Intelligent Threats and Response of Active Detection (지능형 위협인지 및 능동적 탐지대응을 위한 Snort 침입탐지규칙 연구)

  • Han, Dong-hee;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1043-1057 / 2015
  • In order to recognize intelligent threats quickly and detect and respond to them actively, major public bodies and private institutions operate and administer an Intrusion Detection System (IDS), which plays a very important role in finding and detecting attacks. However, most IDS alerts suffer from false positives. In addition, in order to detect unknown malicious code and recognize and respond to its threats in advance, APT response solutions or action-based systems are introduced and operated. These execute malicious code directly using virtualization technology and detect abnormal activities in virtual environments, or detect unknown attacks with other methods. However, these, too, have weaknesses, such as evasion of the virtual environment, performance problems with full traffic inspection, and errors in policy. Accordingly, for the effective detection of intrusions, it is consequently very important to enhance security monitoring. This study discusses a plan for the reduction of false positives as a way to enhance security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn up in three types and 11 kinds. In a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.

Vasa Vasorum Densities in Human Carotid Atherosclerosis Is Associated with Plaque Development and Vulnerability

  • Joo, Sung-Pil;Lee, Seung-Won;Cho, Yong-Hwan;Kim, You-Sub;Seo, Bo-Ra;Kim, Hyung-Seok;Kim, Tae-Sun
    • Journal of Korean Neurosurgical Society / v.63 no.2 / pp.178-187 / 2020
  • Objective : The extensive vasa vasorum network functions as a conduit for the entry of inflammatory cells or factors that promote the progression of angiogenesis and plaque formation. Therefore, we investigated the correlation between the carotid vasa vasorum activities and carotid plaque vulnerability using indocyanine green video angiography (ICG-VA) during carotid endarterectomy (CEA). Methods : Sixty-nine patients who underwent CEA were enrolled prospectively from September 2015 to December 2017. During CEA, a bolus of ICG was injected intravenously before and after resecting the atheroma. Additionally, we performed immunohistochemistry using CD68 (a surface marker of macrophages), CD117 (a surface marker of mast cells), and CD4 and CD8 (surface markers of T-cells) antibodies to analyze the resected plaque specimens. Results : The density of active vasa vasorum was observed in all patients using ICG-VA. The vasa vasorum externa (VVE) and interna (VVI) were seen in 11 (16%) and 57 patients (82.6%), respectively. Macroscopically, the VVE-type patterns were strongly associated with preoperative angiographic instability (81.8%, p=0.005) and carotid plaque vulnerability (90.9%, p=0.017). In contrast, the VVI-type patterns were weakly associated with angiographic instability (31.6%) and plaque vulnerability (49.1%). CD68-stained macrophages and CD117-stained mast cells were observed more frequently in unstable plaques than in stable plaques (p<0.0001, p=0.002, respectively). Conclusion : The early appearance of VVE, along with the presence of many microvessel channels that provided nutrients to the developing and expanding atheroma during ICG-VA, was strongly associated with unstable carotid plaques. The degree of infiltration of macrophages and mast cells is possibly related to the formation of unstable plaques.

A Study on the remote acquisition of HejHome Air Cloud artifacts (스마트 홈 헤이 홈 Air의 클라우드 아티팩트 원격 수집 방안 연구)

  • Kim, Ju-eun;Seo, Seung-hee;Cha, Hae-seong;Kim, Yeok;Lee, Chang-hoon
    • Journal of Internet Computing and Services / v.23 no.5 / pp.69-78 / 2022
  • As the use of Internet of Things (IoT) devices has expanded, the digital forensics coverage of the National Police Agency has expanded to smart home areas. Accordingly, most of the existing studies conducted to acquire smart home platform data focused mainly on analyzing local data of mobile devices and on analysis from a network perspective. However, meaningful data for evidence analysis is mainly stored in cloud storage on smart home platforms. Therefore, in this paper, we study how to acquire data stored in the cloud in a Hey Home Air environment by extracting the accessToken of user accounts from the cookie database of browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Opera, which is recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. In this paper, the environment was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, the list of devices used, and motion detection records were collected. Information such as the temperature and humidity at the time of an incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of tampering during the data collection process and uses the API method, so it follows the principles of integrity and reproducibility, which are the principles of digital forensics.