• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.335-346
• /
• 2010

Mac OS X is the Computer Operating System that develop in Apple Inc. Mac OS X is the successor to Mac OS 9 Version which had been Apple's primary operating system since 1984. Recently, Mac OS X 10.6 (Snow Leopard) has been manufactured and is distributed to user. Apple's Mac OS X Operating System is occupying about 10% in the world Operating System market share. But, Forensic tools that is utilized on digital forensic investigation can not forensic analysis about Mac OS X properly. To do forensic investigation about Mac OS X, information connected with user's action and trace can become important digital evidence in Operating System. This paper presents way about user trace data acquisition methodology in Mac OS X.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.7
• /
• pp.173-180
• /
• 2016

Since smartphones possess a variety of user information, we can derive useful data related to the case from app data analysis in the digital forensic perspective. However, it requires an appropriate forensic measure as smartphone has the property of high mobility and high possibility of data loss, forgery, and modulation. Especially the forged/modulated time-stamp impairs the credibility of digital proof and results in the perplexity during the timeline analysis. This paper provides traces of usage which could investigate whether the time-stamp has been forged/modulated or not within the range of iOS based devices.

• The Journal of Korean Association of Computer Education
• /
• v.17 no.3
• /
• pp.75-84
• /
• 2014

It is a current situation that a large number of physical and financial damages are increasing due to the growth of intellectual cyber crime and unexpected Internet incidents year by year. In the large scale security incidents, digital forensics techniques for computer crime investigations are essential to secure a place in the field. However, qualified digital forensics investigators who complete with digital security technology are practically insufficient in domestic. In this paper, as one of developing human resources plans regarding to scientific investigation of Internet security incidents, an undergraduate curriculum per stage in digital forensics was proposed. For the effective curriculum per stage, the interviews, group discussion on focused group of existing digital forensics investigators and related research were performed to select curriculum, and then the level of difficulty and practical suitability on each subject designed were analyzed through survey and interview to current investigators and security professionals. After collating the survey, the digital forensic curriculum per level was designed to highly adaptable workforce for the future for working and positive suggestions and proposals are addressed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.851-860
• /
• 2014

With an increasing demand of powerful electronic goods, smart TV containing network module with digital TV gets more popular. These change are meaningful from a digital forensics perspective because smart TV store more user's data than digital TV. In this paper, we suggest smart TV forensics as a branch of digital forensics. With smart TV forensics, investigator can trace more wide age group's activities than existing digital forensics analysis.

• Proceedings of the Korea Contents Association Conference
• /
• 2016.05a
• /
• pp.317-318
• /
• 2016

급속한 현대사회의 정보화로 인하여 개인 정보에 대한 정보 유출 및 위협의 빈도가 높아지고 있는 상황에서 기존의 디지털 포렌식 수사 모델에서 사용하고 있는 해시 검색 프로세스는 개인정보 노출에 취약한 파일이 존재하고 있다. 이에 본 논문에서는 개인정보 노출 취약점 진단을 추가한 해시 검색 프로세스를 제안한다. 이를 통하여 정밀 조사와 일반 조사 대상을 정확하게 파악할 수 있을 것으로 기대된다.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.23-29
• /
• 2020

These days, digital forensic technologies are being used frequently at crime scenes. There are various electronic devices at the scene of the crime, and digital forensic results of these devices are used as important evidence. In particular, the user's action and the time when the action took place are critical. But there are many limitations for use in real forensics analyses because of the short cycle in which user actions are recorded. This paper proposed an efficient method for recovering deleted user behavior records and applying them to forensics investigations, then the proposed method is compared with previous methods. Although there are difference in recovery result depending on the storage, the results have been identified that the amount of user history data is increased from a minimum of 6% to a maximum of 539% when recovered user behavior was utilized to forensics investigation.

• Journal of Advanced Navigation Technology
• /
• v.15 no.5
• /
• pp.887-892
• /
• 2011

Recently iPad has been released, so users interest in new portable device is increasing. As markets grow, experts are forecasting a increase of investigation about tablet PC. However iPad forensics is very difficult using existing smart phone forensic softwares. especially, those softwares can't analyze korean mobile application. This paper describes collecting/analyzing technique for iPad.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.189-191
• /
• 2022

In modern society, messenger services are necessary to communication with others, and criminals are no exception. In representative cases of Burning Sun Gate(2018) and NthRoom(2019), messenger data analysis was used as a smoking gun to solve these criminal cases. Therefore messenger text analytics is critical for the resolution of crimes in a modern environment. also, it takes a lot of time to analyze messenger data in the digital forensic investigation process, so researchers in text mining need to be more effective to respond with the current situation In this paper, we study various natural language preprocessing(NLP) methods according to the characteristics of instant messages to effectively proceed with NLP analysis on instant messengers.

• Annual Conference of KIPS
• /
• 2021.05a
• /
• pp.521-524
• /
• 2021

HEIF (High Efficiency File Format)는 MPEG에서 개발된 이미지 포맷으로써, 비디오 코덱인 H.265를 활용하여 정지된 화면을 하나의 이미지 형태로 저장할 수 있도록 개발된 컨테이너이다. 아이폰은 2017년부터 HEIF를 사용하고 있으며, 2019년부터는 갤럭시 S10과 같은 안드로이드 기기도 해당 포맷을 지원하고 있다. 이 포맷은 우수한 압축률을 가지도록 이미지를 제공할 수 있으나, 복잡한 내부 구조를 가지고 있으며 기기나 소프트웨어 간 호환성이 현저하게 부족하여 일반적으로 사용되는 JPEG(또는 JPG) 파일을 대체하기에는 아직 대중적이지 못한 상황이다. 하지만 이미 많은 기기에서 HEIF를 사용하고 있음에도 불구하고 디지털 포렌식 연구는 부족한 상황이다. 이는 디지털 포렌식 조사 과정에서 파일 내부에 포함된 정보의 파악이 미흡하여 잠재적인 증거를 놓칠 수 있는 위험에 노출될 수 있다. 따라서 본 논문에서는 아이폰에서 촬영된 HEIF 형식의 사진 파일과 갤럭시에서 촬영된 모션 포토 파일을 분석하여 파일 내부에 포함된 정보와 특징들을 알아본다. 또한 이미지 뷰어기능을 지원하는 소프트웨어를 대상으로 HEIF에 대한 지원 여부를 조사하고 HEIF 뷰어를 분석하는 포렌식 도구의 요구사항을 제시한다.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1212-1219
• /
• 2011

As recently Privacy Acts in Korea enforced in domestic companies' personal information management needs of a growing obligation for the safety measures and the right of personal information collection, use, limitations, management, and destroyed specifically for handling personal information. Such this regulations should be required technical and policy supports. Accordingly, for the enterprise incident has occurred, the personal information management system behave correctly operating to verify that the safety measures taken, and be determined by the specific preparation to be done. So the first, preparation phase corresponds to the upcoming digital forensic investigation model. On the other hand, the response team also carried these measures out correctly, it needs to be done to check the compliance of Privacy Act. Thus a digital forensics investigation model is strictly related with the implementation of the Privacy Acts and improve the coping strategies are needed. In this paper, we suggest a digital forensic investigation model corresponding to Privacy Act.