• Journal of Information Technology Services
• /
• v.19 no.3
• /
• pp.57-73
• /
• 2020

The proportion of digital evidence in criminal cases has increased, while at the same time, the spread of the Internet has made it easy to delete information that is stored in another place and thus, the Internet is being used to delete online criminal evidence. To respond quickly and effectively to cybercrime, 29 countries signed the Convention on Cybercrime in 2001 through the Council of Europe. Article 16 of the Convention relates to the expedited preservation of stored computer data and requires signatories to adopt legislative measures to enable its competent authorities to order expeditious preservation of specified computer data where there are grounds to believe that the data is particularly vulnerable to loss or modification. More than 60 countries have joined the Convention since 2001 and have made efforts to improve their legal system in line with it. The United States legislated 18 U.S.C. § 2703(f) to preserve electronic evidence pending the issuance of a court order. The German Code of Criminal Procedure §§ 94~95 allows prosecution authorities to seize evidence or issue production orders without court control in urgent circumstances. A custodian shall be obliged to surrender evidence upon a request that evidence be preserved, and non-compliance results in punishment. Japan legislated the Criminal Procedure Act § 197(3) and (4) to establish a legal base for requesting that electronic records that are stored by an ISP not be deleted. The Korean Criminal Procedure Act § 184 outlines procedures for the preservation of evidence but does not adequately address the expeditious preservation of digital evidence that may be vulnerable to deletion. This paper analyzes nine considerations, including request subjects, requirements, and cost reimbursement to establish directions to improve the legal system for the expedited preservation of digital evidence. A new method to preserve online digital evidence in urgent cases is necessary.

• The Journal of the Korea Contents Association
• /
• v.6 no.5
• /
• pp.153-160
• /
• 2006

Recently, digital imaging is frequently used by crime scene investigators. However, the admissibility of digital photographic evidence in court is often raised because of the fact that digital photographs are more easily modified than film-based photographs. Therefore, in this article, the researcher reviewed some basic theories and legal considerations related with police crime scene investigations in Korea and The United States. This article is presented in the hope of clearing up some of the possibilities of falsifying photographic evidences and in the hope of setting the strict the rules of evidence regarding digital evidence in this county.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.760-773
• /
• 2020

When a crime occurs, the information necessary for solving the case, and various pieces of the evidence needed to prove the crime are collected from the crime scene. The tangible residues collected through scientific methods at the crime scene become evidence at trial and a clue to prove the facts directly against the offense of the suspect. Therefore, the scientific investigation and forensic handling for securing objective forensic in crime investigation is increasingly important. Today, digital systems, such as smartphones, CCTVs, black boxes, etc. are increasingly used as criminal information investigation clues, and digital forensic is becoming a decisive factor in investigation and trial. However, the systems have the risk that digital forensic may be damaged or manipulated by malicious insiders in the existing centralized management systems based on client/server structure. In this paper, we design and implement a blockchain based digital forensic management model using Hyperledger Fabric and Docker to guarantee the reliability and integrity of digital forensic. The proposed digital evidence management model allows only authorized participants in a distributed environment without a central management agency access the network to share and manage potential crime data. Therefore, it could be relatively safe from malicious internal attackers compared to the existing client/server model.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.9
• /
• pp.2055-2062
• /
• 2013

Digital evidence which is the new form of evidence to crime makes little difference in value and function with existing evidences. As time goes on, digital evidence will be the important part of the collection and the admissibility of evidence. Usually a digital forensic investigator has to spend a lot of time in order to find clues related to the investigation among the huge amount of data extracted from one or more potential containers of evidence such as computer systems, storage media and devices. Therefore, these evidences need to be ranked and prioritized based on the importance of potential relevant evidence to decrease the investigate time. In this paper we propose a methodology which prioritizes order in which evidences are to be examined in order to help in selecting the right evidence for investigation. The proposed scheme is based on Fuzzy Multi-Criteria Decision Making, in which uncertain parameters such as evidence investigation duration, value of evidence and relation between evidence, and relation between the case and time are used in the decision process using the aggregation function in fuzzy set theory.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• Journal of Advanced Navigation Technology
• /
• v.18 no.1
• /
• pp.50-55
• /
• 2014

Recently, importance of digital forensics has increased and using analysis methods of digital evidence in the analysis of evidence of various types. However, analysis time and effort is steadily increasing because personal disk capacity is too big and it has many number of files. Most digital evidence has time property, such as access time, creation time, and modification time. These time information of digital evidence is one of most important factors in the digital forensic area. But if digital examiner simply analyze based on binary source only, it is possible to have wrong result because time has various types. In this paper, we classify various type of time in the digital evidence and describe advanced analysis method based on timeline chart for digital forensic investigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.647-659
• /
• 2023

As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiner, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, it was defined as Digital Forensics Theory, Digital Evidence Collection&Management, Disk Forensics, Mobile Forensics, Video Forensics, infringement forensics, DB Forensics, Embedded(IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.1
• /
• pp.163-168
• /
• 2018

With the advent of the fourth industrial revolution era, the use of drone has been progressing rapidly in various fields. Now the drones will be used extensively in the area of investigation. Until now the criminal photographs stayed in 2D digital images, it would be possible to reproduce not only 3D images but also make a crime scene with 3D printer. Firstly, the video images taken by the investigation agency using the drones are digital image evidence, and the requirements for securing the evidence capability are not different from the conditions for obtaining the proof of digital evidence. However, when the drones become a new area of scientific investigation, it is essential to systematize the authenticity of the images taken by the drones so that they can be used as evidence. In this paper, I propose a method to secure the evidence capability of digital images taken by drone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.869-878
• /
• 2018

Digital Evidence Data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without time delay due to additional administrative procedures, but collection of large data is likewise vulnerable to collection time delay problem. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, and enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until the court submission.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.121-130
• /
• 2022

Recently, as soldiers are allowed to use mobile phones, cases are frequently transferred from the police to the military due to criminal acts, and digital evidence is collected separately from the reliability of previous investigations, such as overlapping seizure and search procedures. In this study, through in-depth interviews with practitioners in charge of digital evidence in the military, police, and courts, problems related to digital evidence handling, such as infringement of evidence ability due to overlapping human factors and procedures, are derived and analyzed. The presented procedure verified the effectiveness of the procedure through case analysis, and is expected to contribute to the guarantee of the evidence capacity of digital evidence and the efficiency of handling cases.