• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.523-533
• /
• 2014

It has been spent too much time to figure out the incident route when we are facing computer security incident. The incident often recurs moreover the damage is expanded because critical clues are lost while we are wasting time with hesitation. This paper suggests to build a Digital Evidence Map (DEM) in order to find out the incident cause speedy and accurately. The DEM is consist of the log chain which is a mesh relationship between machine data. And the DEM should be managed constantly because the log chain is vulnerable to various external facts. It could help handle the incident quickly and cost-effectively by acquainting it before incident. Thus we can prevent recurrence of incident by removing the root cause of it. Since the DEM has adopted artifacts in data as well as log, we could make effective response to APT attack and Anti-Forensic.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.1
• /
• pp.105-110
• /
• 2011

Embezzlement incident of staff at the casino occurred. Staff of some casinos have lower job satisfaction, moral gap is seriously considering a change jobs. In addition, cash lure of large amounts and a lack of money management system causes embezzlement incident. In this paper, the uniqueness of the casino industry and that employee job satisfaction is investigated. Content analysis of occurrence for casino embezzlement incident and tracking that bank account and bank check, suspect's call list, and so on that digital forensic investigation technology will be studied. Problems and solutions suggest that conducted a loss prevention program, a digital forensics technology and introduce of investigator. Through this study, the computerization of the casino business to embezzlement accident prevent will contribute to that give back profits of property to society, the develop of forensic investigation technology.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.137-146
• /
• 2007

Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics Protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, my lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

• KSCI Review
• /
• v.15 no.1
• /
• pp.209-217
• /
• 2007

Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, may lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.95-104
• /
• 2017

As the technology in smart device is growing and Social Network Services(SNS) are becoming more common, the data which is difficult to be processed by existing RDBMS are increasing. As a result of this, NoSQL databases are getting popular as an alternative for processing massive and unstructured data generated in real time. The demand for the technique of digital investigation of NoSQL databases is increasing as the businesses introducing NoSQL database in their system are increasing, although the technique of digital investigation of databases has been researched centered on RDMBS. New techniques of digital forensic investigation are needed as NoSQL Database has no schema to normalize and the storage method differs depending on the type of database and operation environment. Research on document-based database of NoSQL has been done but it is not applicable as itself to other types of NoSQL Database. Therefore, the way of operation and data model, grasp of operation environment, collection and analysis of artifacts and recovery technique of deleted data in HBase which is a NoSQL column-based database are presented in this paper. Also the proposed technique of digital forensic investigation to HBase is verified by an experimental scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.109-115
• /
• 2016

Nowadays, smart devices are the target of the digital forensic investigation. Among various smart devices, we can obtain much information from smart phone which is provided with continuous power and used for data communication. This paper deals with the traces to be left in Android smart phones after using the navigation applications with the GPS function. We selected navigation applications(domestic and overseas) which have a high number of download times, anaylzed them and discussed the meaning of the analysis result in digital forensic investigation.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.23 no.6
• /
• pp.615-622
• /
• 2015

Recently Digital-TachoGraph(DTG) was mounted mandatorily in commercial vehicles(Taxi, Bus, etc.). DTG records accurate and detailed information of the running state of vehicles related to traffic accident, such as Time, Distance, Velocity, RPM, Brake ON/OFF, GPS, Azimuth, Acceleration. Thus those standardized data can play an important role in traffic accident investigation and reconstruction. To develope the accurate and objective method using the DTG data for the reconstruction of traffic accident, we had conducted several tests such as driving test, high speed circuit test, braking test, slalom test at Korea Automobile Testing & Research Institute(KATRI), and collision test at Korea Automobile insurance repair Research and Training center(KART) with the vehicle equipped with several DTG. Development of the program which enables the reading and analysis of the DTG data was followed. In the experiments, we have found velocity error, RPM error, brake signal error and azimuth error in several products, and also non-continuous event data. The cause of these errors was deduced to be related to the correction factor, the durability of electronic parts and the algorithm.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.124-129
• /
• 2021

As the 4th industrial era is in full swing, the public's interest in related technologies such as artificial intelligence, big data, and block chain is increasing. As artificial intelligence technology is used in various industrial fields, the need for research methods incorporating artificial intelligence technology in related fields is also increasing. Evidence collection among digital forensic investigation techniques is a very important procedure in the investigation process that needs to prove a specific person's suspicions. However, there may be cases in which evidence is damaged due to intentional damage to evidence or other physical reasons, and there is a limit to the collection of evidence in this situation. Therefore, this paper we intends to propose an artificial intelligence-based evidence collection system that analyzes numerous image files reported by citizens in real time to visually check the location, user information, and shooting time of the image files. When this system is applied, it is expected that the evidence expected data collected in real time can be actually used as evidence, and it is also expected that the risk area analysis will be possible through big data analysis.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.111-113
• /
• 2021

USB storage devices, which are represented by removable storage media, are widely used even nowadays when cloud services are common. However, since they are cases where hidden areas are created and exploited in USB storage devices. This research is needed to detect and analyze them from an Anti-forensic point of view. In this paper, we analyze a program that can be exploited as Anti-forensic because it can create a hidden partition and store files there, and the file system created by it from a digital forensic point of view.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.215-218
• /
• 2010

Smart Phone with domestic demand increasing rapidly, the utilization of multimedia services have become diverse. Accordingly, Smart Phone users to hack their Jail Breaking and Rooting and illegal use of the multimedia content is copyrighted. Also relevant to mobile communication terminal as a high crime, create, and the digital evidence increases the utilization of the mobile forensic evidence is required to study. In this paper, Smart Phone Copyright Violation and Forensic Apply Method research. Smart Phone Status and related violations of copyright infringement, broadcasting, film, music, e-book, etc. for each survey item, and how to apply for forensics were studied. This study investigated the development and forensic science will be able to contribute to the development.