• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.143-154
• /
• 2011

SQLite is a small sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery Tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.55-65
• /
• 2011

Recently, use of cloud computing service is dramatically increasing due to wired and wireless communications network diffusion in a field of high performance Internet technique. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In a view of digital forensic investigation, it is difficult to obtain data from cloud computing service environments. therefore, this paper suggests analysis method of AWS(Amazon Web Service) and Rackspace which take most part in cloud computing service where IaaS formats presented for data acquisition in order to get an evidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.771-783
• /
• 2012

This paper proposes a scheme to collect video data of the vehicle black box in order to strengthen the public safety. The existing schemes, such as surveillance system with the fixed CCTV and car black box, have privacy issues, network traffic overhead and the storage space problems because all video data are sent to the central server. In this paper, the central server only collects the video data related to the accident or the criminal offense using the GPS information and time in order to investigation of the accident or the criminal offense. The proposed scheme addresses the privacy issues and reduces network traffic overhead and the storage space of the central server since the central server collects the video data only related to the accident and the criminal offense. The implementation and experiment shows that our service is feasible. The proposed service can be used as a component of remote surveillance system to prevent the criminal offense and to investigate the criminal offense.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.127-134
• /
• 2020

Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).

• The Journal of the Korea Contents Association
• /
• v.22 no.6
• /
• pp.208-222
• /
• 2022

This study analyzes how Princess Deokhye's photos before entering elementary school were exploited in newspapers during the Japanese colonial period by introducing Roland Barthes' semiological methodology for analysis of photography. In the early 1920s, the Japanese imperialists actively exploited Princess Deokhye, who was about to enter elementary school, to propagate their education policy. The Maeil Shinbo cooperated with their policies by publishing photos and articles of Princess Deokhye. In this paper, 2 photos and articles published in Maeilshinbo were analyzed. As a result, it was found that messages were produced that justified Japanese education policy by using various rhetorical techniques of photography and texts complementary to each other, and that the readers were induced to accept them naturally. In conclusion, it was possible to reveal the seriousness of the problem in that these articles were not merely for propaganda of policy, but were to encourage the disappearance of the traditional values of Joseon.

• The Korea Journal of Herbology
• /
• v.28 no.1
• /
• pp.73-82
• /
• 2013

Objectives : Provides research basis on steaming processing method (SPM) as described in literatures 'Roegongpojaron', 'Pojadaebub', and 'Susajinam'. Methods : The following issues were considered for current investigation regarding herbal drugs: (i) categorizing SPM-applied drugs, (ii) protocols on the use of the supporting materials, (iii) kind of supporting materials, (iv) processing periods, (v) part of the herb plants, (vi) herbal efficacy, (vii) intrinsic properties and tastes of the herbal drugs, (viii) meridian tropism of the herbal drugs. Result : The number of herbal drugs was 70 species from 'Roegongpojaron', 73 from 'Pojadaebub', and 66 from 'Susajinam'. The abundance of supporting materials was in the order of alcohol, honey and tofu. The herbal parts of the roots, stem, fruit, and seed were most widely used. Based on herbal efficacy, a drug supplementing invigoration was used most, and a drug eliminating heat followed next. Based on four spirit features, herbs showing warm, cold, and mild features were used. In considering five tastes, herbs showing bitter and sweet tastes were used most. In considering meridian tropism, herbs converging to liver and kidneys were used, and drugs converging to 'Samcho, and gallbladder were not used. Conclusion : The present survey on SPM as described in 'Roegongpojaron', Pojadaebub', and 'Susajinam' indicates that there is a principal specialty on the use of supporting materials, steaming periods, steaming parts and efficacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1267-1277
• /
• 2021

The phone number used for advertising messages and voices used as bait in the voice phishing crime access stage is being used to send out a large amount of illegal loan spam, so we want to quickly block it. In this paper, our system is designed to block the usage of the phone number by rapidly restricting the use of the voice spam phone number that conducts illegal loan spam and voice phishing, and at the same time sends continuous calls to the phone number to prevent smooth phone call connection. The proposed system is a representative collaboration model between an illegal spam reporting agency and an investigation agency. As a result of developing the system and applying it in practice, the number of reports of illegal loaned voice spam and text spam decreased by 1/3, respectively. We can prove the effectiveness of this system by confirming that.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.609-619
• /
• 2023

Recently, crimes using drones, one of the IoT industries have been continuously reported. In particular, drones are characterized by easy access and free movement, so they are used for various crimes such as transporting explosives, transporting drugs, and illegal recording. In order to analyze and investigate these criminal acts, drone forensic research is highly emphasized. Media data, PII, and flight records are digital forensic artifacts that can be acquired from drones, in particluar flight records are important artifacts since they can be used to trace drone activities. Therefore, in this paper, the characteristics of the deleted flight record files of DJI drones are presented and verified using the Phantom3, Phantom4 andMini2 models, two drones with differences in characteristics. Additionally, the recovery level is analyzed using the flight record file characteristics, and lastly, drones with the capacity to recover flight records for each drone model and drone models without it are classified.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.647-659
• /
• 2023

As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiner, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, it was defined as Digital Forensics Theory, Digital Evidence Collection&Management, Disk Forensics, Mobile Forensics, Video Forensics, infringement forensics, DB Forensics, Embedded(IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.