• Title/Summary/Keyword: digital evidence

Digital Evidence Collection Procedure for Hardware Unique Information Collection (하드웨어 고유 정보 수집에 대한 디지털 증거 수집 절차)

  • Pak, Chan-ung;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.4, pp.839-845, 2018
  • Sensitive data is encrypted and stored as privacy policy is strengthened through frequent leakage of personal information. For this reason, the cryptographically owned encrypted data is a very important analysis from the viewpoint of digital forensics. Until now, the digital evidence collection procedure only considers imaging, so hardware-specific information is not collected. If the encryption key is generated by information that is not left in the disk image, the encrypted data cannot be decrypted. Recently, an application for performing encryption using hardware-specific information has appeared. Therefore, in this paper, hardware-specific information which does not remain in file form in auxiliary storage device is studied, and a hardware-specific information collection method is introduced.

The Study on Forensic Techniques of Chromebook (크롬북 포렌식 기법에 관한 연구)

  • Yoon, Yeo-Kyung;Lee, Sang-Jin
    • Journal of Digital Forensics, v.12 no.3, pp.55-70, 2018
  • With the diversification of mobile devices, the development of web technologies, and the popularization of the cloud, an internet-centric web OS that is not dependent on devices has become necessary. Chromebooks are mobile devices in the form of convertible laptops featuring a web OS developed by Google. These web OS mobile devices have the advantages of multi-user characteristics on the same device and storage and sharing of data through the internet and cloud, but it is not easy to collect and analyze evidence from the forensic point of view because of excellent security and easy destruction of evidence. In this paper, we propose an evidence collection procedure and an analysis method considering the cloud environment by dividing the Chromebook, which is a web OS mobile device popularized in the future, into user and administrator modes.

A Study on Maritime Digital Forensic with Necessity (해상 디지털 포렌식의 필요성에 대한 연구)

  • Lee, Gyu-An
    • The Journal of the Korea institute of electronic communication sciences, v.3 no.4, pp.204-209, 2008
  • Marine accidents show various causes and effects in Korea where 3 sides of the country are surrounded by the ocean. Every year, 600 to 700 marine accidents occur mostly by small fishing boats. There are repeated accidents which involve crashes of coastal ships with fishing boats, which produce casualties and massive environmental hazard and the need for underwater search for shipwrecks. From the beginning of the 21st century, the decrease of large ships with large number of crews led to the emergence of digital vessels and the digital data storage of the installed equipment on the vessels, and marine digital forensics - the extraction and analysis of the stored digital data within digital vessels - became necessary. This article is intended to suggest marine digital forensics as a solution of collecting evidence for discovering the causes, liabilities and compensations of marine accidents.

Enabling Environment for Participation in Information Storage Media Export and Digital Evidence Search Process using IPA (정보저장매체 반출 및 디지털 증거탐색 과정에서의 참여권 보장 환경에 대한 중요도-이행도 분석)

  • Yang, Sang Hee;Lee, Choong C.;Yun, Haejung
    • The Journal of Society for e-Business Studies, v.23 no.3, pp.129-143, 2018
  • Recently, the use of digital media such as computers and smart devices has been rapidly increasing. The vast and diverse information contained in the warrant of the investigating agency also includes the one irrelevant to the crime. Therefore, when confiscating the information, the basic rights, defense rights and privacy invasion of the person to be seized have been the center of criticism. Although the investigation agency guarantees the right to participate, it does not have specific guidelines, so they are various by the contexts and environments. In this process, the abuse of the participation right is detrimental to the speed and integrity of the investigation, and there is a side effect that the digital evidence might be destroyed by remote initialization. In this study, we conducted surveys of digital evidence analysts across the country based on four domains and thirty measurement items for enabling environment for participation in information storage media export and digital evidence search process. The difference between the level of importance and the performance was analyzed by the IPA matrix based on process, location, people, and technology dimensions. Seven items belonging to "concentrate here" area are one process-related, three location-related, and three people-related items. This study is meaningful to be a basis for establishing the proper policies and strategies for ensuring participation right, as well as for minimizing the side effects.

The Recovery and Analysis of Digital Data in Digital Multifunction Copiers with a Digital Forensics Perspective (디지털포렌식 관점에서의 디지털복합기내 데이터 복구 및 분석)

  • Park, Il-Shin;Kang, Cheul-Hoon;Choi, Sung-Jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.20 no.6, pp.23-32, 2010
  • Caused by the development of IT environment, the frequency of using the embedded machines is increasing in our regular life. A typical example of these embedded machines is a Multi Function Copier and it has various functions; it is used as copier, scanner, fax machine, and file server. We would like to check the existence of and the way to abstract the data that may have been saved through using the scanner of the multi function printer and discuss how to use those data as the evidence.

Research on Advanced Methods for Data Extraction from Corrupted OOXML Files (손상된 OOXML 파일에서의 데이터 추출 고도화 방안 연구)

  • Jiyun Kim;Minsoo Kim;Woobeen Park;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology, v.34 no.2, pp.193-206, 2024
  • In tandem with the advancements in the digital era, the significance of digital data has escalated, necessitating an increased focus on digital forensics investigations. However, the process of collecting and analyzing digital evidence faces significant challenges, such as the unidentifiability of damaged files due to issues like media corruption and anti-forensic techniques. Moreover, the technological limitations of existing tools hinder the recovery of damaged files, posing difficulties in the evidence collection process. This paper aims to propose solutions for the recovery of corrupted MS Office files commonly used in digital data creation. To achieve this, we analyze the structure of MS Office files in the OOXML format and present a novel approach to overcome the limitations of current recovery tools. Through these efforts, we aim to contribute to enhancing the quality of evidence collection in the field of digital forensics by efficiently recovering and identifying damaged data.

Limitations of Spectrogram Analysis for Smartphone Voice Recording File Forgery Detection (스마트폰 음성 녹음 파일 위변조 검출을 위한 스펙트로그램 분석의 한계점)

  • Sangmin Han;Yeongmin Son;Jae Wan Park
    • The Journal of the Convergence on Culture Technology, v.9 no.2, pp.545-551, 2023
  • As digital information is readily available to everyone today, the adoption of digital evidence is increasing. However, it is virtually impossible to determine the authenticity of forgery in the case of a voice recording file that has gone through a sophisticated editing process along with the spread of various voice file editing tools. This study aims to prove that forgery, which is difficult to distinguish from the original file, is possible by using insertion, deletion, linking, and synthetic editing technologies in voice recording files. This study presents the difficulty of detecting forgery by encoding a forged voice file with the same extension as the original. In addition, it was shown that forgery detection is impossible if additional transition band deletion and secondary encoding are performed only for experiments in which features occurred. Through this, this study is expected to contribute to the establishment of more stringent evidence admissibility criteria for adopting voice recording files as digital evidence.

Broken Integrity Detection of Video Files in Video Event Data Recorders

  • Lee, Choongin;Lee, Jehyun;Pyo, Youngbin;Lee, Heejo
    • KSII Transactions on Internet and Information Systems (TIIS), v.10 no.8, pp.3943-3957, 2016
  • As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

Digital Forensic Model Suitable for Cloud Environment (클라우드 환경에 적합한 디지털 포렌식 수사 모델)

  • Lee, Gymin;Lee, Youngsook
    • Convergence Security Journal, v.17 no.3, pp.15-20, 2017
  • Cloud computing is a service for using IT resources (software, storage, server, network) through various equipment in an Internet-enabled environment. Due to convenience, efficiency, and cost reduction, the utilization rate has increased recently. However, cloud providers have become targets for attack. Also, abuse of cloud services is considered the top security threat. The existing digital forensic procedures are suitable for investigations on individual terminals. In this paper, we propose a new investigation model by analyzing the vulnerable points that occur when you investigate the cloud environment with the existing digital forensic investigation procedure. The proposed investigation model adds a way to obtain account information, and can apply public cloud and private cloud together. Cloud services are also easily accessible and are likely to destroy digital evidence. Therefore, the investigation model was reinforced by adding an account access blocking step.

Frame Rearrangement Method by Time Information Remarked on Recovered Image (복원된 영상에 표기된 시간 정보에 의한 프레임 재정렬 기법)

  • Kim, Yong Jin;Lee, Jung Hwan;Byun, Jun Seok;Park, Nam In
    • Journal of Korea Multimedia Society, v.24 no.12, pp.1641-1652, 2021
  • To analyze the crime scene, the role of digital evidence such as CCTV and black box is very important. Such digital evidence is often damaged due to device defects or intentional deletion. In this case, the deleted video can be restored by well-known techniques like the frame-based recovery method. Especially, the data such as the video can be generally fragmented and saved in the case of the memory used almost fully. If the fragmented video were recovered in units of images, the sequence of the recovered images may not be continuous. In this paper, we proposed a new video restoration method to match the sequence of recovered images. First, the images are recovered through a frame-based recovery technique. Then, after analyzing the time information marked on the images, the time information was extracted and recognized via optical character recognition (OCR). Finally, the recovered images are rearranged based on the time information obtained by OCR. For performance evaluation, we evaluate the recovery rate of our proposed video restoration method. As a result, it was shown that the recovery rate for the fragmented video was recovered from a minimum of about 47% to a maximum of 98%.