• The Journal of Society for e-Business Studies
• /
• v.14 no.3
• /
• pp.169-181
• /
• 2009

As the situations that important evidences or clues are found in digital information devices increase, digital forensic technology is widely applied. In this paper, forensic based audit system is implemented by associating forensic analysis system with agent system which monitors and collects data for analysis in storage devices over distributed network nodes. Forensic audit system implemented in this paper can prevent, audit and trace the computer related crimes in IT infrastructure by real time monitoring and evidence seizure.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.91-105
• /
• 2014

This paper proposes a digital forensic method by an evaluation function based on timestamp changing patterns. Operations on file or folder leave changed timestamps, which give the ways to know what operations were executed. Changes of timestamps of ten operations of a file and eight operations of a folder were examined. Analyses on the changes on the eight folder operations are newly added in this paper, which are not performed in the previous works. Based on the timestamps changes of the file and the folder, two evaluation functions are proposed. The first evaluation function checks whether timestamps are changed by file and folder operations, and the second evaluation function checks whether timestamps are originated from a source file or other attribute field. By the two output values from these evaluation functions, a digital forensic investigation on the file or the folder is performed. With some cases, i. e. file copy and folder creation operations, the proposed forensic method is tested for its usefulness.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.93-105
• /
• 2007

A digital forensic technology and tools are used much in the rapidly increased cyber intrusion accident investigation. But, almost the identification and gathering tools of digital forensic evidence are very difficultly integrated and simply poor-skill. Thereby, Important digital evidences at intrusion accident investigation of public institution and a private enterprise can be omitted or demaged. In this paper, therefore, we refer to 'The digital forensic tool for identification and gathering evidence' based only Window OS by using 'Log Parser', discuss the methodology for the identification and gathering of digital forensic evidence by cyber intrusion accident types.

• Convergence Security Journal
• /
• v.12 no.5
• /
• pp.79-85
• /
• 2012

This research is to improve the education courses for nurturing digital forensic exports. To do so, the education courses for nurturing digital forensic exports were proposed and surveys targeting forensic professionals are conducted. Using AHP method, the most rational and important education courses among aspects (forensic introduction, system forensic, theories and analyses by categories, tool using, and research work) were drawn from results from the above. From this research, it is to improve the education courses for nurturing digital forensic experts applying rational courses with high status.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.353-355
• /
• 2017

Recently developed digital devices are being used in cyberspace. Digital device users are engaged in activities such as financial settlement and e-commerce using cyber-connected terminals. With the activation of cyber trading, cyber crimes against users are increasing. Forensic evidence should be obtained from investigations of cybercrime. However, there is a lot of information to analyze digital forensic evidence. In many of these digital information, Scripts are an effective way to secure evidence for cybercrime. In this paper, we study how to secure forensic evidence using scripts. Extract evidence from EnCase and study how to obtain evidence using scripts. This study will be used as the basic data for cyber security for the safe life of the people.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.97-107
• /
• 2023

With the popularization of digital devices in the era of the 4th industrial revolution and the increase in cyber crimes targeting them, the importance of securing digital data evidence is emerging. However, the difficulty in securing digital data evidence is due to the use of anti-forensic techniques that increase analysis time or make it impossible, such as manipulation, deletion, and obfuscation of digital data. Such anti-forensic is defined as a series of actions to damage and block evidence in terms of digital forensics, and is classified into data destruction, data encryption, data concealment, and data tampering as anti-forensic techniques. Therefore, in this study, anti-forensic techniques are categorized into data concealment and deletion (obfuscation and encryption), investigate and analyze recent research trends, and suggest future anti-forensic research directions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.387-396
• /
• 2016

As the number of people using digital devices has increased, the digital forensic, which aims at finding clues for crimes in digital data, has been developed and become more important especially in court. Together with the development of the digital forensic, the anti-forensic which aims at thwarting the digital forensic has also been developed. As an example, with anti-forensic technology the criminal would delete an digital evidence without which the investigator would be hard to find any clue for crimes. In such a case, recovery techniques on deleted or damaged information will be very important in the field of digital forensic. Until now, even though EVTX(event log)-based recovery techniques on deleted files have been presented, but there has been no study to retrieve event log data itself, In this paper, we propose some recovery algorithms on deleted or damaged event log file and show that our recovery algorithms have high success rate through experiments.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.271-272
• /
• 2014

As E-discovery in criminal investigation is increasing, the importance of Forensic Tools which can legally extract data with high effectiveness is getting higher. Digital products are growing fast. Therefore, Forensic Tools should be implemented readily to suit users and events well. Although forensic industry and governments use expensive forensic tools, some have suggested limitations to its use, such as memory limitations and the limits of post-audit. We need to develop open source forensic tools that can implement a variety of forensic tool fast. This research studies digital forensics technical skills which are commercialized currently and suggests applicable strategies of the open digital forensics to help overcome these limitations.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.2
• /
• pp.73-90
• /
• 2015

When we apply file commands on files in a directory, the directory as well as the file suffer changes in timestamps of MFT entry. Based on understanding of these changes, this work provides a digital forensic analysis on the timestamp changes of the directory influenced by execution of file commands. NTFS utilizes B-tree indexing structure for managing efficient storage of a huge number of files and fast lookups, which changes an index tree of the directory index when files are operated by commands. From a digital forensic point of view, we try to understand behaviors of the B-tree indexes and are looking for traces of files to collect information. But it is not easy to analyze the directory index entry when the file commands are executed. And researches on a digital forensic about NTFS directory and B-tree indexing are comparatively rare. Focusing on the fact, we present, in this paper, directory timestamp changes after executing file commands including a creation, a copy, a deletion etc are analyzed and a method for finding forensic evidences of a deletion of directory containing files. With some cases, i.e. examples of file copy and file deletion command, analyses on the problem of timestamp changes of the directory are given and the problem of finding evidences of a deletion of directory containging files are shown.

• The Journal of Industrial Distribution & Business
• /
• v.12 no.6
• /
• pp.47-55
• /
• 2021

Purpose: Organizational crime is an offense committed by an individual or an official in a corporate entity for organizational gain. This study aims to explore the literature on challenges facing digital forensics and further discuss possible solutions to such challenges as far as the protection of corporate crime is concerned. Research design, data and methodology: Qualitative textual methodology matches the interpretative approach since it is a quality method meant to consider the inductivity of strategies. Also, a qualitative approach is vital because it is distinct from the techniques used in optimistic paradigms linked to science laws. Results: For achieving justice through the investigation of digital forensic, there is a need to eradicate corporate crimes. This study suggests several solutions to reduce corporate crime such as 'Solving a problem to Anti-forensic Techniques', 'Cloud computing technique', and 'Legal Framework' etc. Conclusion: As corporate crime increases in rate, the data collected by digital forensics increases. The challenge of analyzing chunks of data requires digital forensic experts, who need tools to analyze them. Research findings shows that a change of the operating system and digital evidence interpretation is becoming a challenge as the new computer application software is not compatible with older software's structure.