• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.203-211
• /
• 2021

Image tampering detection and localization have become an active area of research in the field of digital image forensics in recent times. This is due to the widespread of malicious image tampering. This study presents a new method for image tampering detection and localization that combines the advantages of dilated convolution, residual network, and UNET Architecture. Using the UNET architecture as a backbone, we built the proposed network from two kinds of residual units, one for the encoder path and the other for the decoder path. The residual units help to speed up the training process and facilitate information propagation between the lower layers and the higher layers which are often difficult to train. To capture global image tampering artifacts and reduce the computational burden of the proposed method, we enlarge the receptive field size of the convolutional kernels by adopting dilated convolutions in the residual units used in building the proposed network. In contrast to existing deep learning methods, having a large number of layers, many network parameters, and often difficult to train, the proposed method can achieve excellent performance with a fewer number of parameters and less computational cost. To test the performance of the proposed method, we evaluate its performance in the context of four benchmark image forensics datasets. Experimental results show that the proposed method outperforms existing methods and could be potentially used to enhance image tampering detection and localization.

• Journal of Radiation Industry
• /
• v.17 no.4
• /
• pp.345-357
• /
• 2023

Nuclear forensics has been understood as a mendatory component in the international society for nuclear material control and non-proliferation verification. Radiochronometry of nuclear activities for nuclear forensics are decay series characteristics of nuclear materials and the Bateman equation to estimate when nuclear materials were purified and produced. Radiochronometry values have uncertainty of measurement due to the uncertainty factors in the estimation process. These uncertainties should be calculated using appropriate evaluation methods that are representative of the accuracy and reliability. The IAEA, US, and EU have been researched on radiochronometry and uncertainty of measurement, although the uncertainty calculation method using the Bateman equation is limited by the underestimation of the decay constant and the impossibility of estimating the age of more than one generation, so it is necessary to conduct uncertainty calculation research using computer simulation such as Monte Carlo method. This highlights the need for research using computational simulations, such as the Monte Carlo method, to overcome these limitations. In this study, we have analyzed mathematical models and the LHS (Latin Hypercube Sampling) methods to enhance the reliability of radiochronometry which is to develop an uncertainty algorithm for nuclear material radiochronometry using Bateman Equation. We analyzed the LHS method, which can obtain effective statistical results with a small number of samples, and applied it to algorithms that are Monte Carlo methods for uncertainty calculation by computer simulation. This was implemented through the MATLAB computational software. The uncertainty calculation model using mathematical models demonstrated characteristics based on the relationship between sensitivity coefficients and radiative equilibrium. Computational simulation random sampling showed characteristics dependent on random sampling methods, sampling iteration counts, and the probability distribution of uncertainty factors. For validation, we compared models from various international organizations, mathematical models, and the Monte Carlo method. The developed algorithm was found to perform calculations at an equivalent level of accuracy compared to overseas institutions and mathematical model-based methods. To enhance usability, future research and comparisons·validations need to incorporate more complex decay chains and non-homogeneous conditions. The results of this study can serve as foundational technology in the nuclear forensics field, providing tools for the identification of signature nuclides and aiding in the research, development, comparison, and validation of related technologies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.57-67
• /
• 2013

Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.101-114
• /
• 2011

As it seems like critical information leakages have been increasing due to industrial espionage and malicious internal users, the importance of introducing audit and log security technology is growing every now and then. In this paper, we suggest the session logging system for the company's internal control to meet the SOX legislation level, by monitoring and analyzing users behaviors connecting to the business-critical Operating System. The system proposed in this paper aims to monitor the user's illegal activities in the Operating System, and to present the clear evidence of purpose of those activities by detailed logs. For this purpose, we modified Operating System by adding multiple services suggested in this paper. These services utilize interfaces provided by the existing Operating System and add functions to control access and get logs. The system saves and manages session logs of users or administrators connected to the server with centralized log storage. And the system supports session log searching and lookup features required by SOX legislation for the company's internal controls with the level of computer forensics and logging technology.

• Journal of Advanced Navigation Technology
• /
• v.13 no.5
• /
• pp.639-645
• /
• 2009

It has increased rapidly use of GPS car navigation system in the last few years worldwide. The type of navigation operation is composed of hardware or software. Navigation based on software is stored in exterior storage(e.g. SD card) and executed. One of many navigation software, Mappy, is used most plentifully in Korea. It stores user information such frequently visited place, route and etc. in exterior storage. If it analyzes the dat of navigation, we gain the information such a suspect's movement, route of car. There are important means in a digital forensic perspective because it's available for investigating the crime such kidnapping, murder and etc. This paper provides the necessary information in digital investigation through the analysis of stored data of navigation in a digital forensic perspective.

• The Journal of Society for e-Business Studies
• /
• v.17 no.3
• /
• pp.117-128
• /
• 2012

There was a large scale of DDoS(Distributed Denial of Service) attacks mostly targeted at Korean government web sites and cooperations's on March 4, 2010(3.4 DDoS attack) after 7.7 DDoS on July 7, 2009. In these days, anyone can create zombie PCs to attack someone's website with malware development toolkits and farther more improve their knowledge of hacking skills as well as toolkits because it has become easier to obtain these toolkits on line, For that trend, it has been difficult for computer security specialists to counteract DDoS attacks. In this paper, we will introduce an essential control list to prevent malware infection with live forensics techniques after analysis of monitoring network systems and PCs. Hopefully our suggestion of how to coordinate a security monitoring system in this paper will give a good guideline for cooperations who try to build their new systems or to secure their existing systems.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.43-50
• /
• 2013

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.77-91
• /
• 2019

Recent Linux operating systems having been increasingly used, ranging from automotive consoles, CCTV, IoT devices, and mobile devices to various versions of the kernel. Because these devices can be used as strong evidence in criminal investigations, there is a risk of destroying evidence through file deletion. Ext filesystem forensics has been studied in depth because it can recovery deleted files without depending on the kind of device. However, studies have been carried out without consideration of characteristics of file system which may vary depending on the kernel. This problem can lead to serious situations, such as those that can impair investigative ability and cause doubt of evidence ability, when an actual investigation attempts to analyze a different version of the kernel. Because investigations can be performed on various distribution and kernel versions of Linux file systems at the actual investigation site, analysis of the metadata changes that occur when files are deleted by Linux distribution and kernel versions is required. Therefore, in this paper, we analyze the difference of metadata according to the Linux kernel as a solution to this and recovery deleted file. After that, the investigating agency needs to consider the metadata change caused by the difference of Linux kernel version when performing Ext filesystem forensics.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.6
• /
• pp.41-48
• /
• 2017

All the personal information controllers or processors collecting, processing and storing personal information through the entry into force of the EU GDPR (General Data Protection Regulation) are required to provide the basic principle of privacy by design at all stages of developing products or services throughout the organization, And to ensure that the basic rights of the subject of personal information are protected and that internal control techniques are provided to prevent any abuse or leakage. We will review the regulations and countermeasures required by the GDPR for video information with serious privacy problems, and propose a solution.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1149-1152
• /
• 2004

컴퓨터가 현대 생활의 필수 도구로 자리잡으면서 컴퓨터를 매개로 이루어지는 범죄행위에 대하여 법적인 처벌 문제가 중요하게 대두되고 있다. 컴퓨터범죄를 형사적으로 처벌하기 위하여는 디지털증거의 증거능력과 증명력이 인정되어야만 한다. 하지만 디지털증거는 그 특성상 조작, 손상, 멸실의 우려가 높다. 디지털증거가 형사소송법상 유효한 증거로서의 증거능력을 인정 받기 위하여는 데이터의 변형 없이 수집하고 때로는 손상된 디지털 증거를 복구하여 원본과 동일하게 복사하여 정확히 분석한 후 제출되어야 한다. 이와 관련된 학문 전반을 컴퓨터포렌식이라고 하는데 국내법 혹은 국제법적으로 유효한 절차 및 수단에 따라 관련 증거들을 수집하여 함은 물론이고 과학적인 논거들로 입증하는 것이 또한 매우 중요하다. 현재 국내법상 디지털증거에 관한 입법이 없으므로 일반적인 증거증력에 관한 규정과 일부 판례를 차용하여 증거능력과 증명력을 갖춘 컴퓨터포렌식 절차를 제안 한다.