• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.753-761
• /
• 2017

Recently, malicious code infiltration and leakage of confidential documents using external USB medium are frequently occurring in each field. We investigate the media to investigate incidents using external USB media, but there are many difficulties in that they can be lost or damaged. Ultimately, in order to investigate cases of external USB media, it is necessary to conduct a direct analysis of the external USB media as well as the system to which the media is connected. This paper describes an analysis of the artifacts of Windows systems to which external USB media is connected, and how to check the job history on the media. Therefore, it is expected that the system can be used to analyze the job history of the USB medium even if the external USB medium is not secured.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.863-872
• /
• 2017

Digital material transferred to the court for litigation shall be disposed by the procedure in the court records management regulations and the digital material collected by the investigator in order to prove the suspect's allegation shall be disposed by the Supreme Public Prosecutor's Regulation No.876(digital material's regulation of collection, examine and management). the court ordered the disposal of digital material that is the subject of litigation based on the related laws when criminal lawsuits and civil lawsuits are finalized. however, there is no specific procedure to enforce the disposal order of the court, and the enforcement order stipulates that the enforcement agent is not a professional officer who has proven expertise but a related public official. there is a problem in the enforcement of digital material that the court ordered to disposal because it is not specified. therefore, this is paper proposes a procedure for effectively enforcing the court's order to revoke digital material.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.885-894
• /
• 2016

As smartphones become more common, anybody can take pictures and record videos easily nowadays. Video files taken from smartphones can be used as important clues and evidence. While you analyze video files taken from smartphones, there are some occasions where you need to prove that a video file was recorded by a specific smartphone. To do this, you can utilize various fingerprint techniques mentioned in existing research. But you might face the situation where you have to strengthen the result of fingerprinting or fingerprint technique can't be used. Therefore forensic investigation of the smartphone must be done before fingerprinting and the database of metadata of video files should be established. The artifacts in a smartphone after video recording and the database mentioned above are discussed in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• Journal of Korean Library and Information Science Society
• /
• v.35 no.4
• /
• pp.293-316
• /
• 2004

The best way of getting knowledge is reading in the Cho-sun dynasty, so getting books is the most interesting thing to the scholars. The most important way of getting books for scholars in Cho-sun dynasty is taking Bansabon published and given to scholars by government. but there is few data and few concrete studies of it. This study deals with the object and the scale of distribution of books on the basis of Bansagi ; king Jeong-jo published 『Kyujangjeonun』 distributed about 1,500 volumes to scholars and govermment agencies.

• Journal of Science and Technology Studies
• /
• v.3 no.1 s.5
• /
• pp.41-73
• /
• 2003

Personal genetic information is information about a person's genetic characteristics, which may reveal important information about private matters such as susceptibility to disease. Progress in genetics makes it much easier to obtain personal genetic information, and this leads to concerns about confidentiality and security of genetic information, and about possible genetic discrimination. This paper examines social issues related to human genetic information in terms of individual identification, diagnosis of diseases, and non-medical genetic test, and then tries to provide desirable citizens participation methods that can be used when making public policies related to genetic information protection.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.25-34
• /
• 2016

This study aims to prevent the serious threat from dangerous person or group by responding or blocking or separating illegal activities by use of SNA: Social Network Analysis. SNA enables to identify the complex social relation of suspect and individuals in order to enhance the effectiveness and efficiency of investigation. SNS has rapidly developed and expanded without restriction of physical distance and geo-location for making new relation among people and sharing large amount of information. As rise of SNS(facebook and twitter) related crimes, terrorist group 'ISIS' has used their website for promotion of their activity and recruitment. The use of SNS costs relatively lower than other methods to achieve their goals so it has been widely used by terrorist groups. Since it has a significant ripple effect, it is imperative to stop their activity. Therefore, this study precisely describes criminal and terrorist activities on SNS and demonstrates how effectively detect, block and respond against their activities. Further study is also suggested.

• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.93-102
• /
• 2020

In order for data obtained through all stages of digital crime investigation to be recognized as evidence capability, it must satisfy legal / technical requirements. In this paper, we propose a mechanism and implement software to provide digital forensic evidence by automatically recovering files by scanning / inspecting the unallocated area inside the storage disk block without relying on information provided by the file system. The proposed technique checks / analyzes the RAW disk data of the system under analysis in 512-byte block units based on information on the storage format / file structure of various files stored on the disk without referring to the file system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we have provided a block based smart carving method to intelligently identify fragmented and damaged files in storage efficiently for forgery analysis on digital forensic investigation.

• The Journal of the Korea Contents Association
• /
• v.17 no.6
• /
• pp.287-295
• /
• 2017

This study is aimed at observing effects of fingerprint image quality on various photographing conditions in the aspect of resolution. Discrimination between two friction ridges plays an important role in the value of fingerprint image, and it can be confirmed with quantification of pixels of boundary region which is existing between two friction ridges. In this study, several factors were estimated with same fingerprint image using Adobe photoshop CS 6 for analysis: changes of image quality by ISO, movement when photographing, and photographers' experience and skill. Consequently, there was no significant change of image quality by ISO. Furthermore, there was no significant difference in the hand-held images between crime scene investigators and laymen, yet there was significant difference between hand-held images and images using tripod in the aspect of resolution. This study shows that using tripod is very important in forensic fingerprint photography through empirical methods.

• Journal of Korean Society of Transportation
• /
• v.27 no.3
• /
• pp.149-160
• /
• 2009

The purpose of this study is to comparatively analyse the behavior patterns of the first and the repeated offenders in DWI, and to develope the models of BAC(Blood Alcohol Concentration) by using multiple regression analysis method and a model of repeated DWI conviction by using logistic regression analysis method. The main results are as follows. First, the repeated offenders are more in criminal and traffic accidents records than that of the first offenders. The unlicenced drivers are in higher BAC than licenced drivers. Second, multiple regression model of BAC was developed, and the model revealed that criminal records and driving distance were important factors. Third, a model of repeated DWI conviction was developed, and the model revealed that traffic accidents records, whether or not having licence, and criminal records were most important factors.