• Title/Summary/Keyword: digital forensic


Digital Forensics Ontology for Intelligent Crime Investigation System (지능형 범죄수사 시스템을 위한 범용 디지털포렌식 온톨로지)

  • Yun, Han-Kuk;Lee, Sang-Hoon
    • Journal of the Korea Society of Computer and Information / v.19 no.12 / pp.161-169 / 2014
  • Digital forensics is the process of proving criminal charges by collecting and analyzing digital evidence which is related to the crime in question. Most digital forensic research is focused on digital forensic techniques themselves or cyber crime. In this paper, we designed a digital forensics-criminal investigation linked model in order to effectively apply digital forensics to various types of criminal investigations. Digital forensic ontology was developed based on this model. For more effective application of digital forensics to criminal investigation we derived specific application fields. The ontology has legality rules and adequacy rules, so it can support investigative decision-making. The ontology can be developed into an intelligent criminal investigation system.

Windows IconCache.db file format analysis (Windows IconCache.db 파일 포맷 분석)

  • Lee, Chan-Youn;Lee, Sang-Jin
    • Proceedings of the Korea Information Processing Society Conference / 2013.11a / pp.654-657 / 2013
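  • Recently, as anti-forensic techniques for evading digital forensic investigation have been advancing, the IconCache.db file, which stores application icon information and is one of several elements used for user behavior analysis, provides meaningful information for digital forensic investigation. Therefore, this paper examines the characteristics of the IconCache.db file and presents ways to use it from a digital forensic perspective.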

Sensitive Privacy Data Acquisition in the iPhone for Digital Forensic Analysis (iPhone의 SNS 데이터 수집 및 디지털 포렌식 분석 기법)

  • Jung, Jin-Hyung;Byun, Keun-Duck;Lee, Sang-Jin
    • The KIPS Transactions:PartC / v.18C no.4 / pp.217-226 / 2011
  • As a diverse range of smartphones has been recently developed and diffused, the users of SNS (Social Network Service) also have been sharply increased. The SNS saves a variety of information such as exchanged pictures and videos, voice mails or location sharing, chat history, etc. as well as simple user data, so that the acquisition of data that are useful in the aspect of digital forensic is achievable. This thesis reviews the types of SNS that are available for the iPhone, a recent example of highly used smartphones, and types of data by each client. Also, efficient data analysis method for digital forensic investigations is suggested by analyzing the relationships within the collected data by each client.

The Study on Forensic Techniques of Chromebook (크롬북 포렌식 기법에 관한 연구)

  • Yoon, Yeo-Kyung;Lee, Sang-Jin
    • Journal of Digital Forensics / v.12 no.3 / pp.55-70 / 2018
  • With the diversification of mobile devices, the development of web technologies, and the popularization of the cloud, an internet-centric web OS that is not dependent on devices has become necessary. Chromebooks are mobile devices in the form of convertible laptops featuring a web OS developed by Google. These Web OS mobile devices have advantages of multi-user characteristics of the same device and storage and sharing of data through internet and cloud, but it is not easy to collect and analyze evidence from the forensic point of view because of excellent security and easy destruction of evidence. In this paper, we propose an evidence collection procedure and an analysis method considering the cloud environment by dividing the Chromebook, which is a web OS mobile device popularized in the future, into user and administrator modes.

Fuzzy Expert System for Detecting Anti-Forensic Activities (안티 포렌식 행위 탐지를 위한 퍼지 전문가 시스템)

  • Kim, Se-Ryoung;Kim, Huy-Kang
    • Journal of Internet Computing and Services / v.12 no.5 / pp.47-61 / 2011
  • Recently, the importance of digital forensic has been magnified because of the dramatic increase of cyber crimes and the increasing complexity of the investigation of target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have been improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios which can actually be applicable to each layer. Our suggested model, the Anti-Forensic Activities layer-based model, has 5 layers - the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hardly distinguished from normal activities. So, we use fuzzy logic for handling ambiguous data. We make rule sets with extracted commands and their arguments from pre-defined scenarios and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time when performing live forensic.

Trends and Development of Computer Forensics in Korea (국내 Computer Forensics의 연구동향과 발전방향)

  • 김종섭;김귀남
    • Convergence Security Journal / v.3 no.1 / pp.7-22 / 2003
  • The legal dispute of electronic commerce and computer crimes are increasing because the electronic services like e-government and e-commerce are now widely used. Computer Forensics becomes the method for recovery, preservation, analysis and report regarding digital evidence essential to resolve the legal dispute and computer crime. In this paper, the developmental process of Computer Forensics is discussed. It is intended to elicit constructive discussion regarding the domestic Computer Forensics. And this discussion will be of help to establish the secure e-business and e-government services in the field of the research, legal system and technical skill of domestic Computer Forensics.


A Study on Digital Forensic Techniques for iPad (아이패드 조사를 위한 디지털 포렌식 기법)

  • Lee, Keun-Gi;Lee, Chang-Hoon;Lee, Sang-Jin
    • Journal of Advanced Navigation Technology / v.15 no.5 / pp.887-892 / 2011
  • Recently iPad has been released, so users' interest in new portable devices is increasing. As markets grow, experts are forecasting an increase of investigation about tablet PC. However, iPad forensics is very difficult using existing smart phone forensic software. Especially, such software can't analyze Korean mobile applications. This paper describes collecting/analyzing technique for iPad.

Forensic Watermarking for Digital Cinema Using Temporal Chrominance Differences (디지털 시네마의 유출 방지를 위한 시간적인 색차 변화를 이용한 포렌식 워터마킹 기법)

  • Yang, Se-Yol;Choi, Hyuk
    • Journal of Internet Computing and Services / v.9 no.6 / pp.81-87 / 2008
  • In this paper, we propose a forensic watermarking scheme using temporal differences of video chrominance values. The proposed method has low complexity and good visual quality, which is suitable for traitor tracing of digital cinema. Experimental results show that our forensic watermarking method has good detection performance and is robust to several attacks, such as camcorder recording and video compression.


A Study on Optical Changes and Sequence Discrimination of Toner-printed Text and Writing Text (토너 출력문자와 필기구류 기재문자 간 광학적 변화와 선후관계에 관한 연구)

  • Lee, Ka Young;Yoon, Do-Young;Lee, Joong
    • Korean Chemical Engineering Research / v.55 no.1 / pp.135-140 / 2017
  • This paper is on a study for discrimination on relative sequence as a most actively discussed topic in forensic document fields. This paper describes the application of the visual spectral comparator and infinite focus microscope as observation methods for overlapping region of printing and writing lines. As a result, we could categorize overlapping region images and identify the sequence of printing and writing lines by various inks.

Criminal Cases and Trends in Forensic Techniques on the Dark Web (다크웹 상의 범죄 사례 및 포렌식 기법 동향)

  • So-Hee Park;Eun-Jeong Do;Hoon-Jae Lee
    • Proceedings of the Korean Society of Computer Information Conference / 2023.07a / pp.221-223 / 2023
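  • Today, through the globally connected Internet, users can engage in various activities such as communication and transactions without any restrictions. However, cyber crimes on the Internet that use this freedom as a means of crime are increasing rapidly. In particular, many serious crimes occur on the dark web, which is classified as one part of the Internet; unlike ordinary networks, the dark web can be accessed only through specific networks that use encryption technology, so it is a website that can provide users with anonymity and confidentiality. Due to these characteristics of the dark web, various cyber crimes such as drug trafficking, distribution of child pornography, and leakage of personal information occur. In this paper, we examine major criminal cases occurring on the dark web and review trends in forensic investigation techniques for them.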
