• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.1-8
• /
• 2018

A random chat application is a type of social dating application that helps people find a lover or spouse by randomly connecting and providing services such as text, voice and video chat. Recently, there has been globally a rapid increase in its use due to the fact that it provides people to quick and convenient encounters at low cost. However, it is used as one of method to prostitute or to trade drugs and become a cause of violent crimes due to various criminal occurring after actual meeting between app users. For this reason, a random chat application is likely to provide proof of prostitution or drug trade and clues to arrest rape, kidnapping and murder suspects. Thus, it is necessary to analyse random chat applications from the viewpoint of digital forensics investigation, but there is no related research at all. Therefore, in this paper, we analyzed artifacts of 6 Korea random chat application's user behaviors; Ranchat, AngTalk, SsumgThing, DaTalk, EveryTalk and Sail. As a result, we found that it is remain on mobile device that time and contents of message transmission/reception, sender/receiver, friend profile and user account creation time when user is using the applications.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.01a
• /
• pp.377-378
• /
• 2014

컴퓨터 시스템을 기반으로 이루어지는 범죄 행위로부터 법적인 보호를 받기 위해 관련 법안이 개정되고 이를 수용하기 위한 컴퓨터 포렌식 지원 기술이 다각도로 연구되고 있다. 그러나 시스템 침해자의 시스템 공격 후 본인 흔적을 지우고 나가는 경우 침해자 추출이 어렵다. 또한 휘발성 정보의 손실이 발생하며 디스크에 저장된 비휘발성 정보의 경우 파일의 삭제 및 생성에 의해 디스크 저장영역의 중복된 사용으로 완전한 정보를 추출하는데 문제를 가지고 있다. 이러한 문제를 해결하기 위해 본 연구에서는 시스템 침해자의 공격 형태 및 상황, 환경을 유추하기 위해 행위자를 중심으로 휘발성의 정보를 수집하여 공격 당시의 시나리오의 재현이 가능한 컴퓨터시스템 블랙박스를 설계하였다.

• Proceedings of the Korea Contents Association Conference
• /
• 2008.05a
• /
• pp.507-513
• /
• 2008

In Digital Contents Computing Environment, information such as register, cache memory, and network information are hard to make certain of a real-time collection because such information collection are easily modified or disappeared. Thus, a collection of information is one of important step for computer forensics system on Digital Contents computing. In this paper, we propose information collection module, which collects variable information of server system based on memory mapping in real-time.

• The Journal of Information Technology
• /
• v.10 no.3
• /
• pp.93-120
• /
• 2007

A Smart Home is a technically expanded from home network that gives us a comfortable life. But still there is a problem such as mal function of devices and intrusions by malicious parties since it is based on home network. The intrusion by malicious parties causes a critical problem to the individual's privacy. Therefore to take legal actions against to the intruders, the intrusion evidence collecting and managing technology are widely researched in the world. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That's why we have to prove the evidence's integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.8
• /
• pp.3488-3500
• /
• 2020

At the present time, the economy continues to flourish, and private cars have become the means of choice for most people. Therefore, the license plate recognition technology has become an indispensable part of intelligent transportation, with research and application value. In recent years, the convolution neural network for image classification is an application of deep learning on image processing. This paper proposes a strategy to improve the YOLO model by studying the deep learning convolutional neural network (CNN) and related target detection methods, and combines the OpenCV and TensorFlow frameworks to achieve efficient recognition of license plate characters. The experimental results show that target detection method based on YOLO is beneficial to shorten the training process and achieve a good level of accuracy.

• Journal of Korea Multimedia Society
• /
• v.10 no.3
• /
• pp.365-372
• /
• 2007

The information of world is most likely to be created as digital data. These digital productions need some legal protection mechanisms or techniques because users can illegally use them. Thus many researchers are developing various techniques. Currently most techniques are focusing on the physical and chemical methods like disk inspection for taking legal evidence about production infringement. This paper has developed a computer forensics-based copyrights protection system capable of detecting and notifying disobedience facts when user uses illegally a production. Furthermore if the user infringes continually the production the system stores the infringement facts to take the legal evidence by mapping to law for intellectual property right. The technique can protect data from digital evidence manipulation or destruction.

• Journal of Information Science Theory and Practice
• /
• v.12 no.1
• /
• pp.39-59
• /
• 2024

An online social network is a platform that is continuously expanding, which enables groups of people to share their views and communicate with one another using the Internet. The social relations among members of the public are significantly improved because of this gesture. Despite these advantages and opportunities, criminals are continuing to broaden their attempts to exploit people by making use of techniques and approaches designed to undermine and exploit their victims for criminal activities. The field of digital forensics, on the other hand, has made significant progress in reducing the impact of this risk. Even though most of these digital forensic investigation techniques are carried out manually, most of these methods are not usually appropriate for use with online social networks due to their complexity, growth in data volumes, and technical issues that are present in these environments. In both civil and criminal cases, including sexual harassment, intellectual property theft, cyberstalking, online terrorism, and cyberbullying, forensic investigations on social media platforms have become more crucial. This study explores the use of machine learning techniques for addressing criminal incidents on social media platforms, particularly during forensic investigations. In addition, it outlines some of the difficulties encountered by forensic investigators while investigating crimes on social networking sites.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.346-376
• /
• 2018

Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although, on occasions are justifiable. Presently, the use of scientifically unproven forensic techniques are highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to the current legislation and privacy laws remain as challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study to examine the issues that are considered essential to discuss and resolve, for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as, cloud computing, social media, and the Internet of Things (IoT), and reviewing the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed, by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.69-81
• /
• 2006

The Computer Forensics is a research area that finds the malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. Many researches about Computer Forensics have been done so far. But those researches have focussed on how to collect the forensic evidence for both analysis and poofs after receiving the intrusion or infringement reports of hosts from computer users or network administrators. In this paper, we describe how to collect the forensic evidence of good quality from observable and protective hosts at the time of infringement occurrence by malicious users. By correlating the event logs of Intrusion Detection Systems(IDSes) and hosts with the configuration information of hosts periodically, we calculate the value of infringement severity that implies the real infringement possibility of the hosts. Based on this severity value, we selectively collect the evidence for proofs at the time of infringement occurrence. As a result, we show that we can minimize the information damage of the evidence for both analysis and proofs, and reduce the amount of data which are used to analyze the degree of infringement severity.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.178-192
• /
• 2021

File system forensics typically focus on the contents or timestamps of a file, and it is common to work around file/directory centers. But to recover a deleted file on the disk or use a carving technique to find and connect partial missing content, the evidence must be analyzed using cluster-centered analysis. Forensics tools such as EnCase, TSK, and X-ways, provide a basic ability to get information about disk clusters, but these are not the core functions of the tools. Alternatively, Sysinternals' DiskView tool provides a more intuitive visualization function, which makes it easier to obtain information around disk clusters. In addition, most current tools are for Windows. There are very few forensic analysis tools for MacOS, and furthermore, cluster analysis tools are very rare. In this paper, we developed a tool named FACT (Forensic Analyzer based Cluster Information Tool) for analyzing the state of clusters in a HFS+ file system, for digital forensics. The FACT consists of three features, a Cluster based analysis, B-tree based analysis, and Directory based analysis. The Cluster based analysis is the main feature, and was basically developed for cluster analysis. The FACT tool's cluster visualization feature plays a central role. The FACT tool was programmed in two programming languages, C/C++ and Python. The core part for analyzing the HFS+ filesystem was programmed in C/C++ and the visualization part is implemented using the Python Tkinter library. The features in this study will evolve into key forensics tools for use in MacOS, and by providing additional GUI capabilities can be very important for cluster-centric forensics analysis.