• Journal of Internet of Things and Convergence
• /
• v.7 no.3
• /
• pp.1-8
• /
• 2021

With the rapid increase in the use of IoT and mobile devices, cyber criminals targeting IoT devices are also on the rise. Among IoT devices, when using a wireless access point (AP), problems such as packets being exposed to the outside due to their own security vulnerabilities or easily infected with malicious codes such as bots, causing DDoS attack traffic, are being discovered. Therefore, in this study, in order to actively respond to cyber attacks targeting IoT devices that are rapidly increasing in recent years, we proposed a method to collect traces of intrusion incidents artifacts from IoT devices, and to improve the validity of intrusion analysis data. Specifically, we presented a method to acquire and analyze digital forensics artifacts in the compromised system after identifying the causes of vulnerabilities by reproducing the behavior of the sample IoT malware. Accordingly, it is expected that it will be possible to establish a system that can efficiently detect intrusion incidents on targeting large-scale IoT devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.737-751
• /
• 2023

The importance of digital forensics in the cloud environment is increasing as businesses and individuals move their data from On-premise to the cloud. Cloud data can be stored on various devices, including mobile devices and desktops, and encompasses a variety of user behavior artifacts, such as information generated from linked accounts and cloud services. However, there are limitations in securing and analyzing digital evidence due to environmental constraints of the cloud, such as distributed storage of data and lack of artifact linkage. One solution to address this is archiving services, and Google's Takeout is prime example. In this paper, user behavior data is analyzed for cloud forensics based on archiving data and necessary items are selected from an investigation perspective. Additionally, we propose the process of analyzing selectively collected data based on time information and utilizing web-based visualization to meaningfully assess artifact associations and multi-behaviors. Through this, we aim to demonstrate the value of utilizing archiving data in response to the increasing significance of evidence collection for cloud data.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.69-78
• /
• 2022

As the use of Internet of Things (IoT) devices has expanded, digital forensics coverage of the National Police Agency has expanded to smart home areas. Accordingly, most of the existing studies conducted to acquire smart home platform data were mainly conducted to analyze local data of mobile devices and analyze network perspectives. However, meaningful data for evidence analysis is mainly stored on cloud storage on smart home platforms. Therefore, in this paper, we study how to acquire stored in the cloud in a Hey Home Air environment by extracting accessToken of user accounts through a cookie database of browsers such as Microsoft Edge, Google Chrome, Mozilia Firefox, and Opera, which are recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. In this paper, the it was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, device list used, and motion detection records were collected. Information such as temperature and humidity at the time of the incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of modulation during the data collection process and uses the API method, so it follows the principle of integrity and reproducibility, which are the principles of digital forensics.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.7
• /
• pp.307-314
• /
• 2017

Stick-PC is small and portable, So it can be used like a desktop if you connect it to a display device such as a monitor or TV anytime and anywhere. Accordingly, Stick-PC can related to various crimes, and various evidence may remain. Stick-PC uses the same Windows version of the operating system as the regular Desktop, the artifacts to be analyzed are the same. However, unlike the Desktop, it can be used as a meaningful information for forensic investigation if it is possible to identify the actual user and trace the usage by finding the traces of peripheral devices before analyzing the system due to the mobility. In this paper, We presents a method of collecting images using Bootable OS, which is one of the image collection methods of Stick-PC. In addition, we show how to analyze the trace of peripheral connection and network connection trace such as Display, Bluetooth through the registry and event log, and suggest the application method from the forensic point of view through experimental scenario.