• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.97-107
• /
• 2023

With the popularization of digital devices in the era of the 4th industrial revolution and the increase in cyber crimes targeting them, the importance of securing digital data evidence is emerging. However, the difficulty in securing digital data evidence is due to the use of anti-forensic techniques that increase analysis time or make it impossible, such as manipulation, deletion, and obfuscation of digital data. Such anti-forensic is defined as a series of actions to damage and block evidence in terms of digital forensics, and is classified into data destruction, data encryption, data concealment, and data tampering as anti-forensic techniques. Therefore, in this study, anti-forensic techniques are categorized into data concealment and deletion (obfuscation and encryption), investigate and analyze recent research trends, and suggest future anti-forensic research directions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.43-51
• /
• 2010

It is meaningful to investigate data in unallocated space because we can investigate the deleted data. Consecutively complete file recovery using the File Carving is possible in unallocated area, but noncontiguous or incomplete data recovery is impossible. Typically, the analysis of the data fragments are needed because they should contain large amounts of information. Microsoft Word, Excel, PowerPoint and PDF document file's text are stored using compression or specific document format. If the part of aforementioned document file was stored in unallocated data fragment, text extraction is possible using specific document format. In this paper, we suggest the method of extracting a particular document file text in unallocated data fragment.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.6
• /
• pp.855-861
• /
• 2013

Smartphone is very useful for use in the real life through the improvement of computing power, faster data rate and the variety of applications. On the other hand, using the smartphone has been exposed to a lot of crime. Also, it occurs attempting to delete a data of smartphone memory by anti-forensic tools. In this paper, we investigate and analyze the anti-forensic tools used in the Android smartphone to study the characteristics and techniques of anti-forensic tools. In addition, experiments are performed to validate the availability of anti-forensic tools by the Oxygen Forensic Suite that is a commercial forensic tool.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.15-20
• /
• 2017

Cloud computing is a service that to use IT resources (software, storage, server, network) through various equipment in an Internet-enabled environment. Due to convenience, efficiency, and cost reduction, the utilization rate has increased recently. However, Cloud providers have become targets for attack Also, Abuse of cloud service is considered as the top security threat. The existing digital forensic procedures are suitable for investigations on individual terminals. In this paper, we propose a new investigation model by analyzing the vulnerable points that occur when you investigate the cloud environment with the existing digital forensic investigation procedure. The proposed investigation model adds a way to obtain account information, and can apply public cloud and private cloud together. Cloud services are also easily accessible and are likely to destroy digital evidence. Therefore, the investigation model was reinforced by adding an account access blocking step.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.1
• /
• pp.105-110
• /
• 2011

Embezzlement incident of staff at the casino occurred. Staff of some casinos have lower job satisfaction, moral gap is seriously considering a change jobs. In addition, cash lure of large amounts and a lack of money management system causes embezzlement incident. In this paper, the uniqueness of the casino industry and that employee job satisfaction is investigated. Content analysis of occurrence for casino embezzlement incident and tracking that bank account and bank check, suspect's call list, and so on that digital forensic investigation technology will be studied. Problems and solutions suggest that conducted a loss prevention program, a digital forensics technology and introduce of investigator. Through this study, the computerization of the casino business to embezzlement accident prevent will contribute to that give back profits of property to society, the develop of forensic investigation technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.71-82
• /
• 2011

Live data in physical memory can be acquired by live forensics but not by harddisk file-system analysis. Therefore, in case of forensic investigation, live forensics is widely used these days. But, existing live forensic methods, that use command line tools in live system, have many weaknesses; for instance, it is not easy to re-analyze and results can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement weaknesses of traditional live forensics. And then, we design and implement the Physical Memory Dump Explorer, and prove the effectiveness of our tool through test results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1351-1364
• /
• 2019

When SCADA is exposed to cyber threats and attacks, serious disasters can occur throughout society. This is because various security threats have not been considered when building SCADA. The bigger problem is that it is difficult to patch vulnerabilities quickly because of its availability. Digital forensics procedures and techniques need to be used to analyze and investigate vulnerabilities in SCADA systems in order to respond quickly against cyber threats and to prevent incidents. This paper addresses SCADA forensics taxonomy and research trends for effective digital forensics investigation on SCADA system. As a result, we have not been able to find any research that goes far beyond traditional digital forensics on procedures and methodologies. But it is meaningful to develop an approach methodology using the characteristics of the SCADA system, or an exclusive tool for SCADA. Analysis techniques mainly focused on PLC and SCADA network protocol. It is because the cyber threats and attacks targeting SCADA are mostly related to PLC or network protocol. Such research seems to continue in the future. Unfortunately, there is lack of discussion about the 'Evidence Capability' such as the preservation or integrity of the evidence extracting from SCADA system in the past researches.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.9
• /
• pp.2055-2062
• /
• 2013

Digital evidence which is the new form of evidence to crime makes little difference in value and function with existing evidences. As time goes on, digital evidence will be the important part of the collection and the admissibility of evidence. Usually a digital forensic investigator has to spend a lot of time in order to find clues related to the investigation among the huge amount of data extracted from one or more potential containers of evidence such as computer systems, storage media and devices. Therefore, these evidences need to be ranked and prioritized based on the importance of potential relevant evidence to decrease the investigate time. In this paper we propose a methodology which prioritizes order in which evidences are to be examined in order to help in selecting the right evidence for investigation. The proposed scheme is based on Fuzzy Multi-Criteria Decision Making, in which uncertain parameters such as evidence investigation duration, value of evidence and relation between evidence, and relation between the case and time are used in the decision process using the aggregation function in fuzzy set theory.

• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.215-224
• /
• 2012

Today, individuals and businesses are a lot of paperwork through a computer. So many documents files are creating to digital type. And the digital type files are copied, moved by various media such as USB, E-mail and so on. A careful analysis of these digital materials can be tracked that occurred during the document editing work history. About these research are on the compound document file format, but has not been studied about the new OOXML format that how to analyze linkages between different document files, tracking an internal order, finding unsaved file for identify the process of creating the file. Future, the use of OOXML format digital documents will further increase, these document work history traceability in digital forensic investigation would be a big help. Therefore, this paper on the new OOXML format(has a forensic viewpoint) will show you how to track the internal order and analyze linkages between the files.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.43-46
• /
• 2008

디지털 증거의 수집은 컴퓨터 포렌식 수사절차에서 매우 중요하다. 디지털 증거는 특히 용의자가 범죄 과정에서 노출한 증거들을 획득한다는 것에 의미가 있으며, 현재 이러한 디지털 증거 수집을 위한 많은 도구들이 활용되고 있다. 그 중 LiveCD는 대상 운영체제의 영향을 받지 않고, CD 자체를 통해 저장된 다양한 포렌식 툴을 사용 할 수가 있다. 또한 여러 종류의 파일 시스템을 지원하기 때문에 초기 대응에 아주 유용하게 사용되며, 위 과정을 통해 수집된 데이터는 무결성 검증을 통해 증거 수사에 활용된다. 현재 여러 가지 LiveCD를 수사에 활용하고 있으나, 각 도구들 마다 지원하는 포렌식 툴이 다르고 지원하는 운영체제도 다양하다. 따라서 상황에 따라 적절한 LiveCD를 활용하는 것은 매우 중요하며, 이를 통해 증거의 수집을 용이하게 할 수 있다. 따라서 본고에서는 국외의 포렌식용 LiveCD 현황에 대한 조사 및 비교 분석하여 국내 수사 환경을 고려한 LiveCD 활용 방안에 대해 제시 한다.