• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.407-416
• /
• 2018

Instagram is a Social Network Service(SNS) that has recently become popular among people of all ages and it makes people to construct social relations and share hobbies, daily routines, and useful information. However, since the uploaded information can be accessed by arbitrary users and it is easily shared with others, frauds, stalking, misrepresentation, impersonation, an infringement of copyright and malware distribution are reported. For this reason, it is necessary to analyze Instagram from a view of digital forensics but the research involved is very insufficient. So in this paper, We performed reverse engineering and dynamic analysis of Instagram from a view of digital forensics in the Android environment. As a result, we checked three database files that contain user behavior analysis data such as chat content, chat targets, posted photos, and cookie information. And we found the path to save 4 files and the xml file to save various data. Also we propose ways to use the above results in digital forensics.

• Annual Conference of KIPS
• /
• 2012.11a
• /
• pp.1333-1335
• /
• 2012

이 연구에서는 전자기록물의 일반적인 특징과 법적 증거능력에 대해서 조사하고 이를 통해 국가기록원을 비롯한 기록보존소에서 관리하는 전자기록들의 증거능력에 대해 고찰하였다. 또한 디지털 증거를 수집 분석하여 법정에 제출하기 위한 분야인 디지털 포렌식(Digital Forensics)에서의 절차 및 기술을 통해 전자기록관리 프로세스에서 전자기록의 증거능력을 확보하기 위한 기초적인 방안을 제시한다.

• Journal of Digital Forensics
• /
• v.13 no.4
• /
• pp.231-244
• /
• 2019

Digital evidence is crucial to issues that require not only cybercrime but also to prove the facts of the cyber environment. While digital evidence has traditionally been collected from physically specific media, it is often impossible to specify the physical location of the data as cloud and distributed processing technologies evolve, requiring a ways of collecting data remotely. However, existing procedures or rules for collecting data from remote locations only emphasize fundamental conditions such as integrity and audit tracking, but there are many ambiguity when applied to actual collection. In addition, the threat of falsification that occurs when collecting data from remote locations was not considered. In this paper, we propose a framework that can ensure the reliability of the collection environment and the reliability of the network to show that it has not been falsified and that data that exists remotely has been collected as it was originally. It also implements this framework as a virtual environment and collects digital evidence from remote locations through case studies to discuss its effectiveness.

• Journal of Advanced Navigation Technology
• /
• v.17 no.1
• /
• pp.63-68
• /
• 2013

Recently, companies seek a way to overcome their financial crisis by reducing costs in the field of IT. In such a circumstance, cloud computing is rapidly emerging as an optimal solution to the crisis. Even in a digital forensic investigation, whether users of an investigated system have used a cloud service is a very important factor in selecting additional investigated subjects. When a user has used cloud services, such as Daum Cloud and Google Docs, it is possible to connect to the could service from a remote place by acquiring the user's log-in information. In such a case, evidence data should be collected from the remote place for an efficient digital forensic investigation, and it is needed to conduct research on the collection and analysis of data from various kinds of cloud services. Thus, this study suggested a digital forensic framework considering cloud environments by investigating collection and analysis techniques for each cloud service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.565-573
• /
• 2012

To investigate the business corruption, the obtainments of the business data such as personnel, manufacture, accounting and distribution etc., is absolutely necessary. Futhermore, the investigator should have the systematic extraction solution from the business data of the enterprise database, because most company manage each business data through the distributed database system, In the general business environment, the database exists in the system with upper layer application and big size file server. Besides, original resource data which input by user are distributed and stored in one or more table following the normalized rule. The earlier researches of the database structure analysis mainly handled the table relation for database's optimization and visualization. But, in the point of the digital forensic, the data, itself analysis is more important than the table relation. This paper suggests the extraction technique from the table relation which already defined in the database. Moreover, by the systematic analysis process based on the domain knowledge, analyzes the original business data structure stored in the database and proposes the solution to extract table which is related incident.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.91-100
• /
• 2007

Nowadays, there exist many forensic tools in forensic investigation. For common investigator it may cause some difficulty in handling the existing forensic tools. In case of urgent condition, if it takes long time to get the useful evidence from data, then it makes the investigation process difficult. Thus, the common investigator can collect the evidence easily by simple clicking the mouse. The only thing he needs is a tool for examination before investigating in details. Therefore, in this paper we refer to useful information in the forensic investigation, discuss the design and the implementation of tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.203-212
• /
• 2013

Recently, cloud computing is one of the parts showing the biggest growth in the IT market and is expected to continue to grow into. Especially, many companies are adopting virtual desktop infrastructure as private cloud computing to achieve in saving the cost and enhancing the efficiency of the servers. However, current digital forensic investigation methodology of cloud computing is not systematized scientifically and technically. To do this, depending on the type of each cloud computing services, digital evidence collection system for the legal enforcement should be established. In this paper, we focus on virtual desktop infrastructure as private cloud computing and introduce the most widely used around the world desktop virtualization solutions of VMware, Citrix, and Microsoft. And We propose digital forensic investigation methodology for private cloud computing that is constructed by these solutions.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.149-153
• /
• 2011

2010년에는 국내에 Smart Phone이 확산되면서, Smart Phone은 단순한 음성통신정보 전달 이외에 기존의 인터넷 PC가 정보를 전달 할 수 있는 전자책, 영화, 음악, 콘텐츠 영역으로 확장되고 있다. 하지만 Smart Phone 사용자들은 멀티미디어 저작권 콘텐츠를 불법으로 이용하고 있다. 또한 이동통신 단말로서 Smart Phone관련 범죄 증거의 생성, 저장된 디지털 증거는 증거의 활용도가 높아 모바일 포렌식 연구가 필요하다. 본 논문에서 Smart Phone에서 저작권 위반 내용들을 전자책, 영화, 음악, 콘텐츠 영역으로 조사한다. 저작권 위반 Smart Phone 증거자료를 추출하고 분석하기 위한 SYN 방식과 JTAG 방식을 연구한다. Smart Phone SYN 방식과 JTAG 방식으로 Smart Phone의 저작권 위반 자료를 추출하여 복원하고, 자료를 분석하였다. 본 연구 결과는 저작권위반 단속 기술 향상과 포렌식 수사 기술 발전에 기여 할 수 있을 것이다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.59-66
• /
• 2017

MySQL database is the second place in the market share of the current database. Especially InnoDB storage engine has been used in the default storage engine from the version of MySQL5.5. And many companies are using the MySQL database with InnoDB storage engine. Study on the structural features and the log of the InnoDB storage engine in the field of digital forensics has been steadily underway, but for how to restore on a record-by-record basis for the deleted data, has not been studied. In the process of digital forensic investigation, database administrators damaged evidence for the purpose of destruction of evidence. For this reason, it is important in the process of forensic investigation to recover deleted record in database. In this paper, We proposed the method of recovering deleted data on a record-by-record in database by analyzing the structure of MySQL InnoDB storage engine. And we prove this method by tools. This method can be prevented by database anti forensic, and used to recover deleted data when incident which is related with MySQL InnoDB database is occurred.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.215-218
• /
• 2010

Smart Phone with domestic demand increasing rapidly, the utilization of multimedia services have become diverse. Accordingly, Smart Phone users to hack their Jail Breaking and Rooting and illegal use of the multimedia content is copyrighted. Also relevant to mobile communication terminal as a high crime, create, and the digital evidence increases the utilization of the mobile forensic evidence is required to study. In this paper, Smart Phone Copyright Violation and Forensic Apply Method research. Smart Phone Status and related violations of copyright infringement, broadcasting, film, music, e-book, etc. for each survey item, and how to apply for forensics were studied. This study investigated the development and forensic science will be able to contribute to the development.