• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.489-499
• /
• 2017

MS office is a office software which is widely used in the world. The OOXML format has been applied to the document structure from MS office 2007 to the newest version. In this regard, the method of data concealing, which is a representative anti-forensic act has been researched and developed, so the method of detecting concealed data is very important to the digital forensic investigation. In this paper, we present an improved data concealing method bypassing the previewers detecting methods for OOXML formatted MS office documents. In addition, we show concealment of the internal data like sheets and slides for MS office 2013 Excel and PowerPoint, and suggest an improved detecting algorithm against this data concealing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.405-415
• /
• 2020

With the increase in smartphone user, mobile forensics has become an essential element in modern digital forensic investigation. Mobile messenger data is very important data in mobile forensics because it can acquire information such as user's life pattern and mental state. In order to analyze messenger data, a decryption technique of an encrypted messenger data is required. Since most messengers provide a message deleting function, a technique for recovering deleted messages is required. WeChat Messenger, a messenger used by about 1 billion people around the world, uses IMEI (International Mobile Equipment Identity) information to encrypt data and provides message deletion function. In this paper, we propose a data decryption method in the absence of IMEI information and propose a method for recovering deleted messages using FTS (Full Text Search) database created for full-text search function of SQLite database.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.2 no.1
• /
• pp.3-10
• /
• 1998

In this paper, a new superimposition scheme using a computer vision system was proposed with 7 pairs of skull and ante-mortem photographs, which were already identified through other tests and DNA fingerprints at the Korea National Institute of Scientific Investigation. At this computer vision system, an unidentified skull was caught by video-camcoder with the MPEG and a ante-mortem photograph was scanned by scanner. These two images were processed and superimposed using pixel processing. Recognition of the individual identification by anatomical references was performed on the two superimposed images. This image processing techniques for the superimposition of skull and ante-morterm photographs simplify used the previous approach taking skull photographs and developing it to the same size as the ante-mortem Photographs. This system using various image Processing techniques on computer screen, a more precise and time-saving superimposition technique could be able to be applied in the area of computer individual identification.

• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.215-224
• /
• 2012

Today, individuals and businesses are a lot of paperwork through a computer. So many documents files are creating to digital type. And the digital type files are copied, moved by various media such as USB, E-mail and so on. A careful analysis of these digital materials can be tracked that occurred during the document editing work history. About these research are on the compound document file format, but has not been studied about the new OOXML format that how to analyze linkages between different document files, tracking an internal order, finding unsaved file for identify the process of creating the file. Future, the use of OOXML format digital documents will further increase, these document work history traceability in digital forensic investigation would be a big help. Therefore, this paper on the new OOXML format(has a forensic viewpoint) will show you how to track the internal order and analyze linkages between the files.

• Analytical Science and Technology
• /
• v.10 no.1
• /
• pp.1-8
• /
• 1997

We identified nicotine, cotinine and toluene in high school volunteer's urine by using GC/NPD, GC/FID and GC/MS. To analyze of nicotine and cotinine, urine samples were extracted with diethylether and centrifuged on a benchtop centrifuge for 5 min. The upper organic layer was injected into a GC. The distributions of nicotine and cotinine were $4{\sim}630{\mu}g/L$ and $63{\sim}1,602{\mu}g/L$ in smoking-group, respectively. To analyze of toluene, head space vial was filled with 2mL sodium citrate solution and 1mL of urine. The vial was warmed in a water bath at $55^{\circ}C$ for 20min, and then $250{\mu}L$ of head space air was injected into a GC. The result show that toluene was not detected in all of the volunteers' samples. However, the range of toluene was 0.1~28.0mg/L in glue sniffer's urine samples(NISI data).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.319-325
• /
• 2014

Since smart phones or tablet PCs have been widely used recently, the users can create and edit documents anywhere in real time. If the input and edit flows of documents can be traced, it can be used as evidence in digital forensic investigation. The typical document application is the MS(Microsoft) Office. As the MS Office applications consist of two file formats that Compound Document File Format which had been used from version 97 to 2003 and OOXML(Office Open XML) File Format which has been used from version 2007 to now. The studies on MS Office files were for making a decision whether the file has been tampered or not through detection of concealed items or analysis of documents properties so far. This paper analyzed the input order of text cells on MS Excel files and shows how to figure out what cell is the last edited in digital forensic perspective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1099-1105
• /
• 2017

Enterprises use different accounting programs to process vast amounts of accounting data. Due to the characteristic of the accounting program, in addition to the accounting data used by the accounting program, there is a variety of information to help detect accounting fraud. Existing forensic accounting techniques have limited scope of analysis because they analyze only accounting data like accounting ledger without using such information. When you do accounting fraud detection, information obtained from characteristics of accounting program can be used to obtain various information that can not be obtained by accounting data analysis alone. In this paper, we try to contribute to effective accounting fraud investigation by suggesting a technique to effectively detect accounting fraud by using other data obtained from characteristics of accounting program used in Windows system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.491-498
• /
• 2016

Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.349-356
• /
• 2013

As various features of the smartphone have been used, a lot of information have been stored in the smartphone, including the user's personal information. However, a frequent update of the operating system and applications may cause a loss of data and a risk of missing important personal data. Thus, the importance of data backup is significantly increasing. Many users employ the backup feature to store their data securely. However, in the point of forensic view these backup files are considered as important objects for investigation when issued hiding of smartphone or intentional deletion on data of smartphone. Therefore, in this paper we propose a scheme that analyze structure and restore data for Kies backup files of Samsung smartphone which has the highest share of the smartphone in the world. As the experimental results, the suggested scheme shows that the various types of files are analyzed and extracted from those backup files compared to other tools.

• Journal of Korean Philosophical Society
• /
• v.142
• /
• pp.165-192
• /
• 2017

The purpose of this thesis is to explain the difference between Heidegger's hermeneutical philosophy and Gadamer's philosophical hermeneutics. The difference is to say that Heidegger's philosophy begins with Aristotle's theory of category and transcendental philosophy. On the other hand, the beginning of Gadamer's philosophical research is Plato's dialog, philosophy and Hegels dialectic. 2. Heidegger regards humanism as a variant of the modern ideal of human beings. On the contrary, Gadamer understands humanism as a place where romantism leads to the ideals of human education. 3. Heidegger says that the hermeneutical circle is still a logical and existential structure of the circle. On the contrary, Gadamer understands the circle as a circle between the whole and the part. This circle is the law of traditional hermeneutics derived from the tradition of rhetoric. 4. Heidegger says Plato's philosophy is the first beginning of the substance metaphysic, Hegel's philosophy the end of the subject metaphysic. On the contrary, Gadamer says the hermeneutical understanding and the hermeneutical interpretation is endless. 5. Heidegger's ontology is as Sein zum Tode a future oriented and eschatological. On the contrary, Gadamer's hermeneutic is as Sein zum Text always the way to a past, the infinite openness.