• Title/Summary/Keyword: evidence information

An Assurance Mechanism of Intrusion Data for Making Digital Evidence in Digital Computing Environment (디지털 컴퓨팅 환경의 디지털 증거화를 위한 침해 데이터보증 메커니즘)

  • Jang, Eun-Gyeom
    • Journal of Internet Computing and Services / v.11 no.4 / pp.129-141 / 2010
  • In a digital computing environment, unaccepted intrusions can occur because of malfunctions in appliances and system errors. Evidence collection technology uses the system that was damaged by intruders, and that system is used as evidence material in a court of justice. However, the collected evidence is easily modified and damaged during the evidence gathering process, the evidence analysis process and in court. That is why the integrity of the evidence has to be proven for it to be of value in court. In this paper, we propose a mechanism for securing the reliability and integrity of digital evidence that can properly support computer forensics. The proposed mechanism shares and manages the digital evidence through mutual authentication among the damaged system, the evidence collecting system, the evidence managing system and the court (TTP: Trusted Third Party), and provides a secure access control model to establish a secure evidence management policy which assures that the collected evidence has the corresponding legal effect.

Research on Advanced Electronic Records Management Technology Using Digital Forensics (디지털 포렌식 기법을 적용한 전자기록물 관리기술 고도화 연구)

  • Yoo, Hyunguk;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.273-277 / 2013
  • With the recent sudden increase in records produced and stored digitally, it has become more important to maintain reliability and authenticity and to ensure legal effect when digital records are collected, preserved and managed. On the basis of domestic procedural law and records-management legislation, this paper considers the judicial admissibility as evidence of electronic records managed by the National Archives of Korea and identifies potential problems when they are submitted to court as evidence. The paper also suggests a plan for applying digital forensics techniques to electronic records management to ensure the admissibility as evidence of electronic records stored in the National Archives of Korea.

A Study on the Improvement of the Malware Evidence Collection Module Based On Windows (윈도우 기반 악성코드 증거 수집 모듈 개선에 관한 연구)

  • Heo, Geon-Il;Park, Chan-Uk;Park, Won-Hyung;Kuk, Kwang-Ho
    • Convergence Security Journal / v.10 no.3 / pp.61-68 / 2010
  • Recently, malware that leaks personal data, credit information, financial information, etc. has been increasing. Secondary damage, such as the illegal use of stolen names and financial fraud, is also increasing rapidly. But when a system is infected by information-leaking malware, the existing malware evidence collection tools do not provide evidence conveniently or sometimes cannot provide the necessary evidence. So security officials have much difficulty in responding to malware. This paper analyzes the current status and problems of the existing malware evidence collection tools and suggests new ways to address those problems.

The Research for Digital Evidence Acquisition Procedure within a Full Disk Encryption Environment (Full Disk Encryption 환경에서 디지털 증거 수집 절차에 관한 연구)

  • Jang, Sung-Min;Park, Jung-Heum;Pak, Chan-Ung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.39-48 / 2015
  • As a growing number of people are concerned about the protection of personal information, the use of encryption solutions has increased. In addition, with the end of support for Windows XP and improvements in operating systems, the use of Full Disk Encryption solutions like BitLocker will increase. Therefore, it is necessary to consider countermeasures against Full Disk Encryption for future digital forensic investigations. This paper provides a digital evidence acquisition procedure that responds to the Full Disk Encryption environment and introduces countermeasures and a detection tool for Full Disk Encryption solutions that are widely used.

A Study on Network Forensics Information in Automated Computer Emergency Response System (자동화된 침해사고대응시스템에서의 네트웍 포렌식 정보에 대한 정의)

  • 박종성;최운호;문종섭;손태식
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.149-162 / 2004
  • Until now the study of computer forensics has focused only on system forensics, which deals with preserving, processing and collecting the evidence remaining on a computer. Recently, forensic research has been moving toward network forensics, which analyzes information collected across entire networks instead of analyzing the evidence on a victim computer. In particular, network forensics is more important in an Automated Computer Emergency Response System because the system deals with intrusion evidence from entire networks. In this paper we defined the network forensics information that has to be collected in an Automated Computer Emergency Response System and verified the defined information by comparing it with the information collected in experimental environments.

Mergers and Acquisitions in the Telecommunications Industry: Myths and Reality

  • Park, Myeong-Cheol;Yang, Dong-Hoon;Nam, Chan-Gi;Ha, Young-Wook
    • ETRI Journal / v.24 no.1 / pp.56-64 / 2002
  • This paper investigates how market participants react to mergers and acquisitions (M&As) involving telecommunications companies. The empirical evidence suggests that such activities convey bad news to the market. This is consistent with the synergy trap hypothesis and extant empirical findings of value-reducing diversification strategies in recent literature. The evidence also indicates that a cross-border, rather than a domestic M&A deal, is the main driver of the negative market reaction. Further, our evidence of negative impacts on the bidder's business after an M&A reinforces our main finding that market participants, on average, perceive M&A activities to be detrimental to shareholder value. This suggests that value creation or synergy through an M&A deal is not warranted even though it can generate an increase in size of the firm.

Improving Indentification Performance by Integrating Evidence From Evidence

  • Park, Kwang-Chae;Kim, Young-Geil;Cheong, Ha-Young
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.9 no.6 / pp.546-552 / 2016
  • We present a quantitative evaluation of an algorithm for model-based face recognition. The algorithm actively learns how individual faces vary through video sequences, providing on-line suppression of confounding factors such as expression, lighting and pose. By actively decoupling sources of image variation, the algorithm provides a framework in which identity evidence can be integrated over a sequence. We demonstrate that face recognition can be considerably improved by the analysis of video sequences. The method presented is widely applicable in many multi-class interpretation problems.

The Study on the Applying Methods for EBLIP in Korean Librarianship (실무자의 근거출판 활성화를 통한 근거중심 문헌정보실무의 국내 적용 방안)

  • Pyo, Soon-Hee
    • Journal of the Korean Society for Library and Information Science / v.44 no.3 / pp.219-239 / 2010
  • EBLIP seeks to improve library practice by utilizing the best available evidence in conjunction with a pragmatic perspective developed from working experience in librarianship. The purpose of this study is to apply evidence-based library and information practice (EBLIP) in Korean librarianship by encouraging practitioners to publish in their workplace. Content analysis of papers accepted for publication in five LIS journals and a focus group interview were performed in order to investigate the contexts and perceptions of the publishing activities of practicing librarians. While the proportion of papers that librarians wrote was calculated at 26 percent of the sample, the percentage of papers with librarians as a single author was only 9.2. Significant organizational-level obstacles to librarians publishing papers were observed. The author suggests organizational support and a better framework for communicating research based on practice, such as publication of an evidence-based practical journal and the adoption of structural abstract. The findings reinforce the importance of teaching rigorous research methods in the workplace.

Reliability Verification of Evidence Analysis Tools for Digital Forensics (디지털 포렌식을 위한 증거 분석 도구의 신뢰성 검증)

  • Lee, Tae-Rim;Shin, Sang-Uk
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.165-176 / 2011
  • In this paper, we examine the reliability verification procedure for evidence analysis tools for computer forensics and test well-known tools against their functional requirements using the verification items proposed by the standard document TIAK.KO-12.0112. We also carry out a performance evaluation based on the test results and suggest ways to improve the performance of evidence analysis tools. To achieve this, we first investigate the functions that the test subjects can perform, and then we set up a specific test plan and create evidence image files which contain the contents of the verification items. We finally verify and analyze the test results. In this process, we discover some weaknesses in most of the analysis tools, such as the restoration of deleted and fragmented files, the identification of the file format which is widely used in the country and the processing of strings composed of the Korean alphabet.

The Design of Remote Digital Evidence Acquisition System for Incident Response of Smart Grid Devices (스마트그리드 기기 보안 침해사고 대응을 위한 원격 증거 수집 시스템 설계)

  • Kang, SeongKu;Kim, Sinkyu
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.49-60 / 2015
  • Smart Grid (SG) devices are the major components of the Smart Grid. They collect and process a variety of information relating to power services and support intelligent power services by exchanging information with other SG devices or systems. However, if an SG device is attacked, the device can provide an attack route to the attacker, and the attacker can attack other SG devices or systems using that route. This may cause problems in power services. So, when a cyber incident happens, we need to acquire and examine the digital evidence of the SG device quickly to secure the availability of the SG. In this paper, we designed a remote evidence acquisition system to acquire digital evidence from SG devices in order to respond quickly to incidents involving SG devices. To achieve this, we analyzed the operating environment of SG devices and concluded that a remote digital evidence acquisition system for SG devices will be more effective than a remote digital evidence acquisition system targeted at general IT devices. So, we introduce a design method for a remote evidence acquisition system for SG devices that takes the operating environment of SG devices into consideration.