• Title/Summary/Keyword: forensic technology


Study on Recovery Techniques for the Deleted or Damaged Event Log(EVTX) Files (삭제되거나 손상된 이벤트 로그(EVTX) 파일 복구 기술에 대한 연구)

  • Shin, Yonghak;Cheon, Junyoung;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology, v.26 no.2, pp.387-396, 2016
  • As the number of people using digital devices has increased, digital forensics, which aims at finding clues to crimes in digital data, has developed and become more important, especially in court. Together with the development of digital forensics, anti-forensics, which aims at thwarting digital forensics, has also developed. As an example, with anti-forensic technology a criminal can delete digital evidence without which the investigator would find it hard to find any clue to the crime. In such a case, recovery techniques for deleted or damaged information are very important in the field of digital forensics. Until now, even though EVTX (event log)-based recovery techniques for deleted files have been presented, there has been no study that retrieves the event log data itself. In this paper, we propose recovery algorithms for deleted or damaged event log files and show through experiments that our recovery algorithms have a high success rate.
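
The format-level step behind such recovery, as an added example that is not the paper's own code: EVTX stores records in 64 KiB chunks that each carry an `ElfChnk` signature and two CRC32 checksums (one over the header, one over the records), so chunks of a deleted or partially overwritten log can be carved from unallocated space by signature and then validated, and records can still be walked by their `**` signature and size fields when the chunk header itself is damaged. The chunk and record field offsets below are those of the documented Windows XML event log format; the disk image, the record payloads (placeholders, not real BinXml) and the damage pattern are constructed for the demonstration.

```python
import binascii
import random
import struct

# EVTX on-disk constants (chunk layout of the Windows XML event log format)
CHUNK_SIZE = 0x10000
CHUNK_MAGIC = b"ElfChnk\x00"
RECORD_MAGIC = b"\x2a\x2a\x00\x00"
RECORDS_START = 0x200  # records begin after the 512-byte chunk header area


def crc32(data):
    return binascii.crc32(data) & 0xFFFFFFFF


def parse_chunk(chunk):
    """Validate one 64 KiB chunk and walk its records, tolerating a damaged header."""
    (_, first_num, last_num, _, _, _, _, free_off, data_crc) = struct.unpack_from("<8sQQQQIIII", chunk, 0)
    header_crc = struct.unpack_from("<I", chunk, 0x7C)[0]
    # Header checksum covers bytes 0x00-0x77 and 0x80-0x1FF (the checksum field itself is skipped)
    header_ok = crc32(chunk[0:0x78] + chunk[0x80:0x200]) == header_crc
    # Data checksum covers the event records from 0x200 up to the free-space offset
    data_ok = RECORDS_START <= free_off <= CHUNK_SIZE and crc32(chunk[RECORDS_START:free_off]) == data_crc
    # Walk records by signature and size, so a chunk with a wrecked header still yields its records
    record_ids = []
    off = RECORDS_START
    while off + 0x1C <= CHUNK_SIZE and chunk[off:off + 4] == RECORD_MAGIC:
        size, record_id, _filetime = struct.unpack_from("<IQQ", chunk, off + 4)
        if size < 0x1C or off + size > CHUNK_SIZE:
            break
        if struct.unpack_from("<I", chunk, off + size - 4)[0] != size:  # trailing size copy must match
            break
        record_ids.append(record_id)
        off += size
    return {"header_ok": header_ok, "data_ok": data_ok,
            "first_num": first_num, "last_num": last_num, "record_ids": record_ids}


def carve_chunks(image):
    """Scan a raw image for chunk signatures (not file headers) and return every full chunk found."""
    found = []
    pos = image.find(CHUNK_MAGIC)
    while pos != -1:
        chunk = image[pos:pos + CHUNK_SIZE]
        if len(chunk) == CHUNK_SIZE:
            info = parse_chunk(chunk)
            info["offset"] = pos
            found.append(info)
        pos = image.find(CHUNK_MAGIC, pos + 1)  # step one byte: chunks may be truncated or misaligned
    return found


# --- constructed test data (not real event log content) ---

def build_record(record_id, filetime, payload):
    size = 0x18 + len(payload) + 4  # 24-byte header + payload + trailing size copy
    return RECORD_MAGIC + struct.pack("<IQQ", size, record_id, filetime) + payload + struct.pack("<I", size)


def build_chunk(records):
    chunk = bytearray(CHUNK_SIZE)
    body = b"".join(records)
    chunk[RECORDS_START:RECORDS_START + len(body)] = body
    first_id = struct.unpack_from("<Q", records[0], 8)[0]
    last_id = struct.unpack_from("<Q", records[-1], 8)[0]
    last_off = RECORDS_START + len(body) - len(records[-1])
    free_off = RECORDS_START + len(body)
    struct.pack_into("<8sQQQQIII", chunk, 0, CHUNK_MAGIC, first_id, last_id, first_id, last_id, 0x80, last_off, free_off)
    struct.pack_into("<I", chunk, 0x34, crc32(bytes(chunk[RECORDS_START:free_off])))
    struct.pack_into("<I", chunk, 0x7C, crc32(bytes(chunk[0:0x78]) + bytes(chunk[0x80:0x200])))
    return bytes(chunk)


def build_demo_image():
    """Unallocated-space stand-in: random filler, an intact chunk, a header-damaged chunk, a truncated one."""
    rng = random.Random(7)
    filler = lambda n: bytes(rng.randrange(256) for _ in range(n))
    records = [build_record(100 + i, 0x01D8000000000000 + i, b"<binxml placeholder %d>" % i) for i in range(3)]
    intact = build_chunk(records)
    damaged = bytearray(build_chunk(records))
    damaged[0x18:0x20] = b"\xff" * 8  # overwrite the first-record-identifier field: header CRC no longer matches
    truncated = intact[:200]  # a chunk cut off by the end of the image
    return filler(3000) + intact + filler(777) + bytes(damaged) + filler(100) + truncated
```

Running `carve_chunks(build_demo_image())` reports two chunks: the first passes both checksums, the second fails the header checksum but still yields all three records, which is the case a recovery tool has to handle rather than discard. The truncated fragment is skipped because a partial chunk cannot be checksummed; a more aggressive carver would still walk records from it.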

Identification of the Trace Evidence by UV/VIS Microspectrophotometry (현미 자외/가시광선영역 분광광도계에 의한 미세시료의 분석)

  • Shon, Sung-Kun;Park, Ha-Sun;Lee, Jin-Sook;Park, Sung-Woo;Cho, Sung-Hye
    • Analytical Science and Technology, v.13 no.2, pp.250-257, 2000
  • Paint, fiber and dye, which play a critical role in proving the relationship between a suspect and a victim or a crime scene, are among the most frequently encountered trace evidence at a forensic laboratory; however, because forensic samples are usually infinitesimally small, investigation of the spectroscopic characteristics of such samples is becoming more and more prevalent in forensic science as a non-destructive method. In this study, transmittance/reflectance profiles in the ultraviolet-visible region (240-780 nm) were investigated by UV/visible microspectrophotometer and used to analyze the spectral characteristics of 14 different types of microfibers, 12 inks of four colors and 44 automotive paints of two colors. Good discrimination was obtained from the spectra of these samples due to their characteristic bands in the UV/Vis region.

Analysis of Automotive Paints using Pyrolysis-Gas Chromatography (열분해-가스크로마토그라피에 의한 자동차 페인트 분석)

  • Shon, Sung-Kun;Park, Ha-Sun;Lee, Jin-Sook;Hong, Sung-Wook;Park, Sung-Woo;Cho, Sung-Hye
    • Analytical Science and Technology, v.13 no.1, pp.101-107, 2000
  • Automotive paints can generally be differentiated by color, layer sequence and the chemistry of the paint layers comprising the topcoat and the primer system. The successful identification of hit-and-run and traffic-accident vehicles from evidential paint fragments is greatly facilitated by a comprehensive laboratory collection of reference paint samples and a technique for direct analysis without sample preparation. Pyrolysis-Gas Chromatography (PGC) is a precise and reliable method for performing both quantitative and qualitative analysis of polymeric materials and forensic samples. Our forensic laboratory is conducting the examination and identification of 73 reference paint samples, 4 colors of each domestic automotive make that is popular in Korea, by Curie Point Pyrolyzer (JHP-3) and GC with a capillary column (Ultra Alloy-5). This method can be used not only to compare paint traces with their suspected sources, but also to identify the type, make and model of the car.

A Study on Optical Changes and Sequence Discrimination of Toner-printed Text and Writing Text (토너 출력문자와 필기구류 기재문자 간 광학적 변화와 선후관계에 관한 연구)

  • Lee, Ka Young;Yoon, Do-Young;Lee, Joong
    • Korean Chemical Engineering Research, v.55 no.1, pp.135-140, 2017
  • This paper is a study on the discrimination of relative sequence, one of the most actively discussed topics in the forensic document field. It describes the application of the visual spectral comparator and the infinite focus microscope as observation methods for the overlapping region of printed and written lines. As a result, we could categorize the overlapping-region images and identify the sequence of printed and written lines for various inks.

A Study on Forensic Technique Applying Method of Company Accounting Book Data Base File (기업회계장부 압수수색과 DB파일 포렌식 기술 적용방법 연구)

  • Lee, Bo-Man;Park, Dea-Woo
    • Proceedings of the Korean Society of Computer Information Conference, 2011.06a, pp.197-201, 2011
  • Prosecutors and police conduct investigations through search and seizure, but companies cause problems such as deleting, damaging and concealing accounting databases and accounting-related files before the search and seizure takes place. Problems concerning how to apply forensic techniques to corporate accounting books have arisen in cases such as the 2008 Samsung Fire & Marine Insurance slush fund case and the 2009 Gyoha Complex Community Center bid-rigging case. In this paper, we study forensic investigation tools such as EnCase and FinalData, and study the procedures for preparing for and carrying out the search and seizure of a company's accounting server and for analyzing the acquired evidence. After the search and seizure of the corporate accounting server, we experiment with the steps performed in forensic evidence analysis of the disk: preserving the original evidence file, creating a copy whose fidelity to the original is verified, inspecting and restoring deleted files, checking the deleted contents, and comparing against the original file. The results of this study will contribute to the advancement of forensic technology.

Cold Boot Attack on Encrypted Containers for Forensic Investigations

  • Twum, Frimpong;Lagoh, Emmanuel Mawuli;Missah, Yaw;Ussiph, Najim;Ahene, Emmanuel
    • KSII Transactions on Internet and Information Systems (TIIS), v.16 no.9, pp.3068-3086, 2022
  • Digital forensics is gaining popularity in the adjudication of criminal cases as the use of electronic gadgets in committing crime has risen. The traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM while the computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cool the RAM and transplant it into a host computer provisioned with a tool, developed based on the cold boot concept, to acquire the RAM image. Observation of the data obtained from the acquired image compared to the data loaded into memory shows that the RAM chips exhibit some level of remanence which allows their content to persist after shutdown, which is contrary to the accepted knowledge that RAM loses its content immediately when power is cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed that at a reduced temperature of -25 °C the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively, whereas at an operating temperature of 25 °C there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature, while at the reduced temperature less than 5% decay was observed. The findings show that data can be recovered for forensic evidence even if the culprit shuts down the computer.
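
What the investigator does with the acquired image, as an added example that is not the authors' tool: the cold-boot key recovery technique of Halderman et al. searches the dump for AES key schedules, which have enough internal redundancy (every round key is derived from the previous one) to be recognised even after some bits have decayed. Every 16-byte window is treated as a candidate key, expanded, and compared against the 160 bytes that follow it with a bit-error budget. The image, the key (the FIPS-197 example key) and the decay pattern are constructed; decay is modelled as bit flips, and, unlike a full aeskeyfind-style search, errors inside the 16 candidate key bytes themselves are not corrected.

```python
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _make_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine transform."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):  # inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def _bit_errors(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image, max_bit_errors=32):
    """Treat every 16-byte window as a candidate key; accept it if the 160 bytes that
    follow match its expanded schedule up to max_bit_errors flipped bits."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        if len(set(cand)) < 4:
            continue  # cheap skip of zero/padding runs; real keys are high-entropy
        schedule = expand_key_128(cand)
        # check round key 1 first so the full 160-byte compare only runs on plausible windows
        if _bit_errors(schedule[16:32], image[off + 16:off + 32]) > max_bit_errors:
            continue
        errors = _bit_errors(schedule[16:], image[off + 16:off + 176])
        if errors <= max_bit_errors:
            hits.append({"offset": off, "key": bytes(cand), "bit_errors": errors})
    return hits


def build_demo_image(decay=None):
    """Constructed RAM dump: random filler around one AES-128 key schedule.
    `decay` maps schedule byte positions to bit masks that are flipped; a real cell
    decays toward a ground state, so flips are a pessimistic model, not a physical one."""
    rng = random.Random(42)
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 example key
    schedule = bytearray(expand_key_128(key))
    for pos, mask in (decay or {}).items():
        schedule[pos] ^= mask
    filler = lambda n: bytes(rng.randrange(256) for _ in range(n))
    return filler(1500) + bytes(schedule) + filler(900), key
```

With six flipped bits spread over rounds 1 to 10 the schedule is still found at its offset, with the error count reported so the analyst can judge how much decay the region suffered; flipping whole bytes of rounds 2 to 4 exceeds the budget and the search reports nothing, which is the regime the abstract's room-temperature figures put a dump in after a minute or two. Real tools extend this with error-correcting reconstruction of the key from partially decayed round keys and with the same trick for AES-256 and RSA private keys.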

Thermodynamic Studies on the Adsorption of 4-Octylphenol on Carboxen by GC/MS Analysis (GC/MS 분석에 의한 4-Octylphenol의 Carboxen 흡착에 대한 열역학적 연구)

  • Lee, Joon-Bae;Park, Woo-Yong;Shon, Shungkun;Jung, Ji Eun;Jeong, Yong Ae;Gong, Bokyoung;Kim, Yu-Na;Kwon, O-Seong;Paeng, Ki Jung
    • Applied Chemistry for Engineering, v.29 no.3, pp.356-361, 2018
  • It is common to analyze volatile organic compounds (VOC) or semi-VOCs (SVOC) in a sample composed of a complex matrix consisting of multiple components, such as blood, through a separation process. Adsorption is a physical phenomenon in which certain components accumulate on the surface of other phases. In order to overcome difficulties in the pretreatment process, adsorption is frequently used. Solid phase microextraction (SPME) equipment with porous carbon Carboxen (CAR) is an example of an adsorption application. In this study, the adsorption of 4-octylphenol on Carboxen was examined. To do so, the extraction efficiency of such solvents as dichloromethane ($CH_2Cl_2$, DCM), ethyl acetate ($CH_3COOC_2H_5$, EA) and diethyl ether ($C_2H_5OC_2H_5$, $Et_2O$) was studied, and the derivatization reaction of 4-octylphenol with the reagents bis(trimethylsilyl)trifluoroacetamide (BSTFA), methyl chloroformate (MCF) and pentafluorobenzyl bromide (PFBBr) was compared. The combination of DCM and BSTFA showed good performance and was therefore adopted for this study. Thermodynamic adsorption experiments showed that the adsorption process was endothermic and that the Freundlich isotherm equation was more suitable than the Langmuir isotherm. It was also found that the adsorption followed a pseudo-$2^{nd}$ order kinetic model.

Detection for Operation Chain: Histogram Equalization and Dither-like Operation

  • Chen, Zhipeng;Zhao, Yao;Ni, Rongrong
    • KSII Transactions on Internet and Information Systems (TIIS), v.9 no.9, pp.3751-3770, 2015
  • Many sorts of image processing software facilitate image editing and also generate a great number of doctored images. Forensic technology has emerged to detect unintentional or malicious image operations. Most forensic methods focus on the detection of single operations. However, a series of operations may be used to sequentially manipulate an image, which makes the operation detection problem complex. Forensic investigators always want to know as much exhaustive information as possible about a suspicious image's entire processing history. The detection of the operation chain, consisting of a series of operations, is a significant and challenging problem in the field of forensics research. In this paper, based on the histogram distribution uniformity of a manipulated image, we propose an operation chain detection scheme to identify histogram equalization (HE) followed by a dither-like operation (DLO). Two histogram features and a local spatial feature are utilized to further determine which DLO may have been applied. Both theoretical analysis and experimental results verify the effectiveness of the proposed scheme for both global and local scenarios.
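
A minimal version of the histogram reasoning above, as an added example rather than the authors' features: global HE leaves empty bins (gaps) in the output histogram, because at most as many output levels as input levels can be occupied, while it makes the cumulative distribution nearly linear; a dither-like operation fills the gaps but leaves the distribution uniform. So a uniformity feature says whether HE happened and a gap feature says whether a DLO followed. The DLO is modelled here, as an assumption, as small uniform integer noise followed by re-clipping; the synthetic low-contrast image and the two thresholds are constructed for the demonstration.

```python
import random


def histogram(pixels):
    h = [0] * 256
    for p in pixels:
        h[p] += 1
    return h


def equalize(pixels):
    """Classic global histogram equalization on 8-bit gray values (the HE step)."""
    h = histogram(pixels)
    n = len(pixels)
    cdf, acc = [], 0
    for c in h:
        acc += c
        cdf.append(acc)
    cdf_min = min(c for c in cdf if c > 0)
    den = max(n - cdf_min, 1)
    lut = [round((c - cdf_min) / den * 255) if c else 0 for c in cdf]
    return [lut[p] for p in pixels]


def dither_like(pixels, amplitude, seed):
    """Assumed stand-in for a DLO: add uniform integer noise in [-amplitude, amplitude], re-clip."""
    rng = random.Random(seed)
    return [min(255, max(0, p + rng.randint(-amplitude, amplitude))) for p in pixels]


def features(pixels):
    """gap_ratio: share of empty bins inside the occupied range (HE trace).
    cdf_deviation: max distance between the empirical CDF and a straight line over that range
    (0 for a perfectly uniform histogram)."""
    h = histogram(pixels)
    n = len(pixels)
    occupied = [v for v in range(256) if h[v]]
    lo, hi = occupied[0], occupied[-1]
    span = hi - lo + 1
    gap_ratio = sum(1 for v in range(lo, hi + 1) if h[v] == 0) / span
    acc, max_dev = 0, 0.0
    for v in range(lo, hi + 1):
        acc += h[v]
        max_dev = max(max_dev, abs(acc / n - (v - lo + 1) / span))
    return {"gap_ratio": gap_ratio, "cdf_deviation": max_dev}


def classify(pixels, uniform_tol=0.1, gap_tol=0.5):
    """Chain decision: not uniform -> no HE; uniform with gaps -> HE; uniform, no gaps -> HE then DLO."""
    f = features(pixels)
    if f["cdf_deviation"] > uniform_tol:
        return "no-equalization"
    if f["gap_ratio"] > gap_tol:
        return "equalized"
    return "equalized-then-dithered"


def make_low_contrast_image(n=9216, seed=1):
    """Constructed 96x96 image: Gaussian gray values clipped to the narrow range 90..160."""
    rng = random.Random(seed)
    return [min(160, max(90, round(rng.gauss(125, 12)))) for _ in range(n)]
```

The thresholds are illustrative: a photograph that is natively flat in histogram would trip the uniformity feature on its own, and a DLO with a small amplitude leaves partial gaps between widely spaced output levels, which is why a real detector needs more than these two global numbers (the abstract's local spatial feature addresses the local case).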

Digital Forensics of Microsoft Office 2007-2013 Documents to Prevent Covert Communication

  • Fu, Zhangjie;Sun, Xingming;Xi, Jie
    • Journal of Communications and Networks, v.17 no.5, pp.525-533, 2015
  • MS Office suite software is the most widely used electronic document software, with a large number of users worldwide and absolute predominance in the office software market. MS Office 2007-2013 documents, which use the new Office Open XML (OOXML) format, could be illegally used as cover media to transmit secret information by offenders, because they do not easily arouse others' suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories: document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on a real data set demonstrate the effectiveness of the proposed methods.
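
One structure-category check of the kind the abstract describes, as an added example that is not the authors' tool: an OOXML package is a ZIP whose every part must be registered in `[Content_Types].xml` (by extension default or by explicit override) and reached through a chain of `.rels` relationship files starting at `_rels/.rels`, so unregistered parts, parts no relationship points at, and ZIP-level comments are places where a file can carry data that Office never displays. The `.docx` below is constructed in memory with three such hiding spots (the hyperlink target and all text are made up); content- and format-category checks (hidden text inside `document.xml`, whitespace or attribute-order tricks) are not covered.

```python
import io
import posixpath
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def _rels_path(part):
    """Relationship file for a part: dir/_rels/name.rels ("" = package root -> _rels/.rels)."""
    directory, name = posixpath.split(part)
    return posixpath.join(directory, "_rels", name + ".rels")


def _resolve(source_part, target):
    """Resolve a relationship Target (relative to the source part, or absolute) to a ZIP entry name."""
    return posixpath.normpath(posixpath.join(posixpath.dirname(source_part), target)).lstrip("/")


def audit_ooxml(data):
    """Return (kind, detail) findings for package-structure anomalies in an OOXML file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.filename.endswith("/")]
        names = {i.filename for i in infos}
        if zf.comment:  # archive comment: free-form bytes Office ignores
            findings.append(("archive-comment", zf.comment.decode("latin-1")))
        findings += [("entry-comment", i.filename) for i in infos if i.comment]
        # 1. every part must have a content type (OPC rule); unregistered parts are suspicious
        types = ET.fromstring(zf.read("[Content_Types].xml"))
        defaults = {e.get("Extension").lower() for e in types.iter(CT_NS + "Default")}
        overrides = {e.get("PartName").lstrip("/") for e in types.iter(CT_NS + "Override")}
        for n in sorted(names - {"[Content_Types].xml"}):
            ext = n.rsplit(".", 1)[1].lower() if "." in n else ""
            if n not in overrides and ext not in defaults:
                findings.append(("no-content-type", n))
        # 2. walk relationships from the package root; anything unreachable is an orphan part
        reachable, queue, seen = set(), [""], set()
        while queue:
            src = queue.pop()
            if src in seen:
                continue
            seen.add(src)
            rels = _rels_path(src)
            if rels not in names:
                continue
            reachable.add(rels)
            for rel in ET.fromstring(zf.read(rels)).iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal") == "External":
                    continue
                target = _resolve(src, rel.get("Target"))
                if target in names:
                    reachable.add(target)
                    queue.append(target)
        for n in sorted(names - {"[Content_Types].xml"} - reachable):
            findings.append(("orphan-part", n))
    return findings


def build_sample_docx(with_hidden):
    """Constructed minimal .docx; with_hidden=True plants three hiding spots."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Default Extension="png" ContentType="image/png"/>'
          '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
          '</Types>')
    root_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                 '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
                 '</Relationships>')
    doc_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>'
                '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.invalid/" TargetMode="External"/>'
                '</Relationships>')
    document = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        if with_hidden:
            zf.writestr("word/notes.xml", "<notes>meet at the usual place</notes>")  # typed, but nothing links to it
            info = zipfile.ZipInfo("customXml/payload.bin")
            info.comment = b"key=hunter2"                                             # per-entry ZIP comment
            zf.writestr(info, b"\x00" * 32)                                          # no content type registered
            zf.comment = b"see attachment 3"                                         # archive comment
    return buf.getvalue()
```

The clean package audits to an empty list; the planted one reports the archive and entry comments, the untyped `customXml/payload.bin`, and both orphan parts. Orphan parts are the check worth the most care in practice, since Word silently drops unreferenced parts on re-save, so their presence in a file that was supposedly only edited in Word is itself evidence of tooling outside Office.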

Forensic study of autonomous vehicle using blockchain (블록체인을 이용한 자율주행 차량의 포렌식 연구)

  • Jang-Mook, Kang
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.23 no.1, pp.209-214, 2023
  • In the future, as autonomous vehicles become popular at home and abroad, the frequency of accidents involving autonomous vehicles is also expected to increase. In particular, when a fully autonomous vehicle is operated, various criminal and civil problems such as sexual violence, assault, and fraud between passengers may occur, as well as the vehicle accident itself. In this case, forensics for accidents involving autonomous vehicles and for incidents involving passengers in those vehicles is also about to change. This paper reviewed the types of security threats to autonomous vehicles, methods for maintaining the integrity of evidence data using blockchain technology, and research on digital forensics. Through this, it was possible to describe, in a scenario-type manner, the threats that would occur in autonomous vehicles using blockchain technology and the forensic techniques for each type of accident. Through this study, a blockchain method that helps the forensics of self-driving vehicles before and after accidents was proposed, by investigating the forensic security technology presented on domestic and foreign websites for responding to vulnerabilities and attacks on autonomous vehicles, and the blockchain security research of research institutes and information security companies.