• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.33-34
• /
• 2006

Computer Forensics is a research area which finds the malicious users by collecting and analyzing the intrusion or infringement evidence of the computer crime. Many research about Computer Forensics has been done. But those research have focussed on how to collect the evidence after receiving the damage reports from computer users or network administrators. This paper describes about collecting the evidence of good quality at the time of infringement occurrence by the malicious user. By calculating Infringement severity of observable and protective hosts and referring to this value, we collect the evidence at the time of infringement occurrence to minimize the information modification of the evidence. We can reduce also the amount of logs that we use to analyze the infringement and can minimize the loss of the evidence.

• Journal of information and communication convergence engineering
• /
• v.13 no.2
• /
• pp.74-80
• /
• 2015

In cognitive radios, spectrum sensing plays an important role in accurately detecting the presence or absence of a licensed user. However, the intervention of malicious users (MUs) degrades the performance of spectrum sensing. Such users manipulate the local results and send falsified data to the data fusion center; this process is called spectrum sensing data falsification (SSDF). Thus, MUs degrade the spectrum sensing performance and increase uncertainty issues. In this paper, we propose a method based on the Hausdorff distance and a similarity measure matrix to measure the difference between the normal user evidence and the malicious user evidence. In addition, we use the Dempster-Shafer theory to combine the sets of evidence from each normal user evidence. We compare the proposed method with the k-means and Jaccard distance methods for malicious user detection. Simulation results show that the proposed method is effective against an SSDF attack.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.3
• /
• pp.87-93
• /
• 2019

In this paper, we propose a real-time drone-based violent protest detection system. Our proposed system uses drones to detect scenes of violent protest in real-time. The important problem is that the victims and violent actions have to be manually searched in videos when the evidence has been collected. Firstly, we focused to solve the limitations of existing collecting evidence devices by using drone to collect evidence live and upload in AWS(Amazon Web Service)[1]. Secondly, we built a Deep Learning based violence detection model from the videos using Yolov3 Feature Pyramid Network for human activity recognition, in order to detect three types of violent action. The built model classifies people with possession of gun, swinging pipe, and violent activity with the accuracy of 92, 91 and 80.5% respectively. This system is expected to significantly save time and human resource of the existing collecting evidence.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.346-376
• /
• 2018

Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although, on occasions are justifiable. Presently, the use of scientifically unproven forensic techniques are highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to the current legislation and privacy laws remain as challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study to examine the issues that are considered essential to discuss and resolve, for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as, cloud computing, social media, and the Internet of Things (IoT), and reviewing the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed, by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.

• Journal of Information Processing Systems
• /
• v.11 no.4
• /
• pp.630-642
• /
• 2015

In Jøsang's subjective logic, the fusion operator is not able to fuse three or more opinions at a time and it cannot consider the effect of time factors on fusion. Also, the base rate (a) and non-informative prior weight (C) could not change dynamically. In this paper, we propose an Improved Subjective Logic Model with Evidence Driven (ISLM-ED) that expands and enriches the subjective logic theory. It includes the multi-agent unified fusion operator and the dynamic function for the base rate (a) and the non-informative prior weight (C) through the changes in evidence. The multi-agent unified fusion operator not only meets the commutative and associative law but is also consistent with the researchers's cognitive rules. A strict mathematical proof was given by this paper. Finally, through the simulation experiments, the results show that the ISLM-ED is more reasonable and effective and that it can be better adapted to the changing environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.171-180
• /
• 2008

This paper also suggests the Digital Evidence Transmission System for E-Discovery which is suited to domestic environments in order to solve these problems and promote safe and convenient transmission of the electronic evidences. The suggested Digital Evidence Transmission System for E-Discovery is the system that submit digital evidences to Court's Sever through the Internet using Public Key Infrastructure and Virtual Private Network, and solves the problems - such as privileged and privacy data, trade secret of company, etc.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.07a
• /
• pp.139-141
• /
• 2014

IT산업의 발전에 따른 IT기기의 사용이 우리의 일상에서 없어서는 안되는 존재로 자리잡음으로써 우리의 생활의 편리함과 풍요로움을 가져다준 동시에 수많은 범죄에 악용되면서 위험에 노출되어져 있기도 하다. 이러한 범죄가 증가함에 따라 기존에 우리가 접하던 유형물 형태의 증거에서 무형의 디지털 증거가 급격히 늘어났고 형사소송법의 영역에서 매우 중요한 자리를 차지하게 되었으나 아직까지 미비한 부분들이 많고 구체적인 확립이 되지 않은 실정이기에 디지털 증거의 압수 수색에 대한 문제점을 간략히 알아보고 그에 대한 개선방안을 알아보려 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.337-340
• /
• 2001

A major impediment in using the Dempster-Shafer evidence combination scheme is its computational complexity, which in general is exponential since DS scheme allows any subsets over the frame of discernment as focal elements. To avoid this problem, we propose a method called approximate evidence combination scheme. This scheme is applied to a few sample applications and the experiment results are compared with those of VBS. The results show that the approximation scheme achieves a great amount of computational speedup and produces belief values within the range of deviation that the expert allows.

• Proceedings of the Safety Management and Science Conference
• /
• 2001.05a
• /
• pp.275-280
• /
• 2001

DESIGNIN AND OPERATION OF DIGITAL EVIDENCE MANAGEMENT SYSTEM APPLYING COMPUTER FORENSICS AND ELECTRONIC CERTIFICATION Digital evidence will be used as a term, which means the electronic form of information which is necessary to confirm or prove the factum of all kinds of behaviors committed through the devices which have data processing ability including computer. It is expected that there will be the increase of legal conflicts surrounding electronic commerce activities as well as the increase of cyber crimes, as the number of Internet users are getting bigger. In order to solve the problems of conflicts derived from electronic commerce, the factum of electronic commerce activities must be confirmed. In order to confirm the factum of electronic commerce activities, the evidence is prerequisite. Almost all evidences relating to the electronic commerce activities exist in digital form. For the reason that the digital evidence can be easily damaged and changed, special management is required to collect, analyze, and preserve the digital evidence. In order to meet this requirement, this study proposes a basic model of digital evidence management system applying computer forensics and electronic authentication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.417-428
• /
• 2020

With the rapid development of information and communication technology, mobile devices have become an essential tool in our lives. Mobile devices are used as important evidence in criminal proof, as they accumulate data simultaneously with PIM functions while working with users most of the time. The mobile forensics is a procedure for obtaining digital evidence from mobile devices and should be collected and analyzed in accordance with due process, just like other evidence, and the integrity of the evidence is essential because it has aspects that are easy to manipulate and delete. Also, the adoption of evidence relies on the judges' liberalism, which necessitates the presentation of generalized procedures. In this paper, a mobile forensics model is presented to ensure integrity through the generalization of procedures. It is expected that the proposed mobile forensics model will contribute to the formation of judges by ensuring the reliability and authenticity of evidence.