• Journal of KIBIM
• /
• v.11 no.3
• /
• pp.67-74
• /
• 2021

An IFC file is dependent on the IFC schema. Because of this relationship, most IFC-using software reads and interprets the IFC File by employing an early binding method, which uses a standard IFC schema. In the case of most open sources, early binding methods using standard IFC schema have a problem that they cannot express extra information of IFC File out of extended IFC schema. Also, in the case of previous studies, they suggested schema extension, such as adding attribute information to the schema, rather than the interpretation of IFC File. This study research on method of extracting shape and attribute information was conducted by analyzing the IFC File produced through the Port schema, which is an extended IFC schema. Three objects were created using the reference relationship between the Port schema definition and the IFC entity, and, at the end, the three objects were combined into one object. It has been confirmed that the shape and property data were express properly while delivering the combined object to the viewer. The process is possible because of the method of matching IFC schema and IFC File, which is dependent on IFC schema but not early binding method. However, this method has some drawbacks, such that contemporaneously generated many objects consume many memory spaces. Future research to investigate that issue further is needed.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.107-118
• /
• 2010

This paper proposes a digital forensic method to a file creation transaction using a journal file($LogFile) on NTFS File System. The journal file contains lots of information which can help recovering the file system when system failure happens, so knowledge of the structure is very helpful for a forensic analysis. The structure of the journal file, however, is not officially opened. We find out the journal file structure with analyzing the structure of log records by using reverse engineering. We show the digital forensic procedure extracting information from the log records of a sample file created on a NTFS volume. The related log records are as follows: bitmap and segment allocation information of MFT entry, index entry allocation information, resident value update information($FILE_NAME, $STANDARD_INFORMATION, and INDEX_ALLOCATION attribute etc.).

• The KIPS Transactions:PartA
• /
• v.11A no.5
• /
• pp.319-324
• /
• 2004

The Java language is rapidly being adopted in the Internet. The distributed applications and their application range are being expanded beyond just a programing language and developed Into software applications. A variety of researches are going on with regard to the Java Virtual Machine runtime environment and methods of analyzing the Java class files and utilizing the information for applications. A class file is a converted file that is executable by the Java virtual machine. Analysis on the class file structure and the runtime processes will be convenient in arranging the decompilers and debugging the source programs. This paper is about the runtime process analyzer that presents the runtime processes, including class files, more visually. The content of a class file will be easily accessed and expressed as in a graphic user interface. The information in the class file displayed is divided into Constant_Pool, Class_file, Interface, Field, Method and Attribute with information on method area, operand stack and local variables expressed visually.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.91-105
• /
• 2014

This paper proposes a digital forensic method by an evaluation function based on timestamp changing patterns. Operations on file or folder leave changed timestamps, which give the ways to know what operations were executed. Changes of timestamps of ten operations of a file and eight operations of a folder were examined. Analyses on the changes on the eight folder operations are newly added in this paper, which are not performed in the previous works. Based on the timestamps changes of the file and the folder, two evaluation functions are proposed. The first evaluation function checks whether timestamps are changed by file and folder operations, and the second evaluation function checks whether timestamps are originated from a source file or other attribute field. By the two output values from these evaluation functions, a digital forensic investigation on the file or the folder is performed. With some cases, i. e. file copy and folder creation operations, the proposed forensic method is tested for its usefulness.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.4B
• /
• pp.288-299
• /
• 2012

To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server and prevent modification attack for proxy re-encryption key using d Secret Sharing, We construct protocol model in medical environment.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.51-58
• /
• 2019

Temporal analysis is very useful and important for digital forensics for reconstructing the timeline of digital events. Forgery of a file's timestamp can lead to inconsistencies in the overall temporal relationship, making it difficult to analyze the timeline in reconstructing actions or events and the results of the analysis might not be reliable. The purpose of the timestamp change is to hide the data in a steganographic way, and the other purpose is for anti-forensics. In both cases, the time stamp change tools are requested to use. In this paper, we propose a classification method based on the behavior of the timestamp change tools. The timestamp change tools are categorized three types according to patterns of the changed timestamps after using the tools. By analyzing the changed timestamps, it can be decided what kind of tool is used. And we show that the three types of the patterns are closely related to API functions which are used to develop the tools.

• The Journal of Information Technology and Database
• /
• v.6 no.2
• /
• pp.71-86
• /
• 1999

The performance of relational database is measured by the number of disk accesses necessary to transfer data from disk to main memory. The paper proposes to vertically partition relations into fragments and to allow attribute replication to reduce the number of disk accesses. To reduce the computational time, heuristic search method using genetic algorithm is used. Genetic algorithm used employs a rank-based-sharing fitness function and elitism. Desirable parameters of genetic algorithm are obtained through experiments and used to find the solutions. Solutions of attribute replication and attribute non-replication problems are compared. Optimal solutions obtained by branch and bound method and by heuristic solutions(genetic algorithm) are also discussed. The solution method proposed is able to solve large-sized problems within acceptable time limit and shows solutions near the optimal value.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.31-40
• /
• 2016

In this paper, we propose a new anti-forensic method for hiding data in the timestamp of a file in the Windows NTFS filesystem. The main idea of the proposed method is to utilize the 16 least significant bits of the 64 bits in the timestamps. The 64-bit timestamp format represents a number of 100-nanosecond intervals, which are small enough to appear in less than a second, and are not commonly displayed with full precision in the Windows Explorer window or the file browsers of forensic tools. This allows them to be manipulated for other purposes. Every file has $STANDARD_INFORMATION and $FILE_NAME attributes, and each attribute has four timestamps respectively, so we can use 16 bytes to hide data. Without any changes in an original timestamp of "year-month-day hour:min:sec" format, we intentionally put manipulated data into the 16 least significant bits, making the existence of the hidden data in the timestamps difficult to uncover or detect. We demonstrated the applicability and feasibility of the proposed method with a test case.

• Journal of the Semiconductor & Display Technology
• /
• v.8 no.1
• /
• pp.39-42
• /
• 2009

In this paper an attempt for realizing a storage system which works as a part of human brain has been discussed. The system is expected to be able to coordinate with human brain. And current storage may have inherent problem due to an intrinsic attribute of storage, exclusiveness. Directory structure in it must be a source of confusion, if it used out side of the range of limitation. Adapting multidimensional annotation of file name extension and directory-less file system, a new storage system able to associate and coordinate with human brain may be available near future. This paper showed that the limitation of current storage system clearly exists, because of human brain limitation to memorize directory name.

• Journal of KIISE
• /
• v.43 no.7
• /
• pp.744-750
• /
• 2016

Recent cloud infrastructures provide competitive performances and operation costs for many internet services through pay-per-use model. Particularly, object storages are highlighted, as they have unlimited file holding capacity and allow users to access the stored files anytime and anywhere. Several lines of research are based on cloud-backed file systems, which support traditional POSIX interface rather than RESTful APIs via HTTP. However, these existing file systems handle all files with uniform size backing objects. Consequently, the accesses to cloud object storages are likely to be inefficient. In our research, files are profiled according to characteristics, and appropriate backing unit sizes are determined. We experimentally verify that different backing unit sizes for the object storage improve the performance of cloud-backed file systems. In our comparative experiments with S3QL, our prototype cloud-backed file system shows faster performance by 18.6% on average.