• Title/Summary/Keyword: computer forensic

Search Result 181, Processing Time 0.024 seconds

Hijacking and Forensic Data Generation through Google Hacking (Google Hacking을 통한 정보탈취와 포렌식 자료 생성)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2011.06a
    • /
    • pp.105-110
    • /
    • 2011
  • 악의적 목적을 가진 Hacker는 Google의 검색 기능과 키워드 사용을 이용해 인터넷 상에 존재하는 개인정보를 탈취하거나 웹페이지의 취약성, 해킹 대상에 대한 정보들을 수집할 수 있다. Google의 검색 결과 인터넷에서는 수많은 개인정보가 검색되고, 이중에는 타인에게 노출되지 않아야 하는 개인의 이력서, 기업의 기밀자료, 관리자의 ID, Password 등도 인터넷 상에서 보안되지 않은 상태로 존재하고 있다. 본 논문에서는 Google을 이용한 정보검색과 정보탈취에 대해 연구하고, 개인 탈취 정보를 이용한 침해사고와 포렌식 자료 생성에 관한 기술과 보안방안을 제안한다. 본 논문 연구를 통하여 인터넷 검색 결과에 대한 보안 취약성 보완의 기술 발전과 기초자료로 활용될 것이다.

  • PDF

Broken Integrity Detection of Video Files in Video Event Data Recorders

  • Lee, Choongin;Lee, Jehyun;Pyo, Youngbin;Lee, Heejo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.8
    • /
    • pp.3943-3957
    • /
    • 2016
  • As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

Ensuring the Admissibility of Mobile Forensic Evidence in Digital Investigation (모바일 포렌식 증거능력 확보 방안 연구)

  • Eo, Soowoong;Jo, Wooyeon;Lee, Seokjun;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.135-152
    • /
    • 2016
  • Because of the evolution of mobile devices such as smartphone, the necessity of mobile forensics is increasing. In spite of this necessity, the mobile forensics does not fully reflect the characteristic of the mobile device. For this reason, this paper analyzes the legal, institutional, and technical considerations for figuring out facing problems of mobile forensics. Trough this analysis, this study discuss the limits of screening seizure on the mobile device. Also, analyzes and verify the mobile forensic data acquisition methods and tools for ensuring the admissibility of mobile forensic evidence in digital investigation.

Priority Scheduling of Digital Evidence in Forensic (포렌식에서 디지털 증거의 우선순위 스케쥴링)

  • Lee, Jong-Chan;Park, Sang-Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.9
    • /
    • pp.2055-2062
    • /
    • 2013
  • Digital evidence which is the new form of evidence to crime makes little difference in value and function with existing evidences. As time goes on, digital evidence will be the important part of the collection and the admissibility of evidence. Usually a digital forensic investigator has to spend a lot of time in order to find clues related to the investigation among the huge amount of data extracted from one or more potential containers of evidence such as computer systems, storage media and devices. Therefore, these evidences need to be ranked and prioritized based on the importance of potential relevant evidence to decrease the investigate time. In this paper we propose a methodology which prioritizes order in which evidences are to be examined in order to help in selecting the right evidence for investigation. The proposed scheme is based on Fuzzy Multi-Criteria Decision Making, in which uncertain parameters such as evidence investigation duration, value of evidence and relation between evidence, and relation between the case and time are used in the decision process using the aggregation function in fuzzy set theory.

Resolution of Complication in Territorial Sea by Using Digital Forensic (분쟁소지가 있는 공해상에서 Digital Forensic을 이용한 해결 방안)

  • Lee, Gyu-An;Park, Dea-Woo;Shin, Youg-Tae
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.3
    • /
    • pp.137-146
    • /
    • 2007
  • Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics Protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, my lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

  • PDF

Method for Finding Related Object File for a Computer Forensics in a Log Record of $LogFile of NTFS File System (NTFS 파일시스템의 $LogFile의 로그레코드에 연관된 컴퓨터 포렌식 대상 파일을 찾기 위한 방법)

  • Cho, Gyu-Sang
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.49 no.4
    • /
    • pp.1-8
    • /
    • 2012
  • The NTFS journaling file($LogFile) is used to keep the file system clean in the event of a system crash or power failure. The operation on files leaves large amounts of information in the $LogFile. Despite the importance of a journal file as a forensic evidence repository, its structure is not well documented. The researchers used reverse engineering in order to gain a better understanding of the log record structures of address parts, and utilized the address for identifying object files to gain forensic information.

Detection of Assault and Violence Using Color Histogram in Elevator (컬러히스토그램을 이용한 승강기에서 폭행 및 폭력 사건의 추출)

  • Shin, Seong-Yoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.12
    • /
    • pp.95-100
    • /
    • 2012
  • In this paper, we see the means for the assault, the type of unlawful exercise of power. Also, we see the violence, the physical exercise accompanying with assault. Now, it has caused numerous crimes in elevators. This paper is to present a way to extract the violence and assault that occurred in elevators. Key frame was extract by color histogram method, one of the ways to scene change detection techniques. Extracted key frames are key frames of a scene containing a forensic crime scene video. Also, the key frames of the scene should be submitted to the forensic evidence.

Detection Copy-Move Forgery in Image Via Quaternion Polar Harmonic Transforms

  • Thajeel, Salam A.;Mahmood, Ali Shakir;Humood, Waleed Rasheed;Sulong, Ghazali
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.8
    • /
    • pp.4005-4025
    • /
    • 2019
  • Copy-move forgery (CMF) in digital images is a detrimental tampering of artefacts that requires precise detection and analysis. CMF is performed by copying and pasting a part of an image into other portions of it. Despite several efforts to detect CMF, accurate identification of noise, blur and rotated region-mediated forged image areas is still difficult. A novel algorithm is developed on the basis of quaternion polar complex exponential transform (QPCET) to detect CMF and is conducted involving a few steps. Firstly, the suspicious image is divided into overlapping blocks. Secondly, invariant features for each block are extracted using QPCET. Thirdly, the duplicated image blocks are determined using k-dimensional tree (kd-tree) block matching. Lastly, a new technique is introduced to reduce the flat region-mediated false matches. Experiments are performed on numerous images selected from the CoMoFoD database. MATLAB 2017b is used to employ the proposed method. Metrics such as correct and false detection ratios are utilised to evaluate the performance of the proposed CMF detection method. Experimental results demonstrate the precise and efficient CMF detection capacity of the proposed approach even under image distortion including rotation, scaling, additive noise, blurring, brightness, colour reduction and JPEG compression. Furthermore, our method can solve the false match problem and outperform existing ones in terms of precision and false positive rate. The proposed approach may serve as a basis for accurate digital image forensic investigations.

Analyzing Past User History through Recovering Deleted $UsnJrnl file (삭제된 $UsnJrnl 파일 복구를 통한 과거 사용자 행위 확인)

  • Kim, Dong-Geon;Park, Seok-Hyeon;Jo, Ohyun
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.5
    • /
    • pp.23-29
    • /
    • 2020
  • These days, digital forensic technologies are being used frequently at crime scenes. There are various electronic devices at the scene of the crime, and digital forensic results of these devices are used as important evidence. In particular, the user's action and the time when the action took place are critical. But there are many limitations for use in real forensics analyses because of the short cycle in which user actions are recorded. This paper proposed an efficient method for recovering deleted user behavior records and applying them to forensics investigations, then the proposed method is compared with previous methods. Although there are difference in recovery result depending on the storage, the results have been identified that the amount of user history data is increased from a minimum of 6% to a maximum of 539% when recovered user behavior was utilized to forensics investigation.