• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.8
• /
• pp.1687-1692
• /
• 2009

Cyber forensics is used the process and technology of digital forensics as a criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data in cyber space. Accordingly, it is difficult to determine relational crime types, collect evidence and the legal admissibility of evidence. Therefore, we considered the classifications of cyber crime, the collection of evidence in cyber space and the application of laws to cyber crime. In order to efficiently investigate cyber crime, it is necessary to integrate those concepts for each cyber crime-case. In this paper, we constructed a cyber forensics domain ontology for cyber criminal investigation using the concepts, relations and properties, according to categories of cyber crime, laws, evidence, and information of criminals and crime-cases. This ontology can be used in the process of investigating of cyber crime-cases, and for data mining of cyber crime; classification, clustering, association and detection of crime types, crime cases, evidences and criminals.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.1
• /
• pp.209-214
• /
• 2023

In the future, as autonomous vehicles become popular at home and abroad, the frequency of accidents involving autonomous vehicles is also expected to increase. In particular, when a fully autonomous vehicle is operated, various criminal/civil problems such as sexual violence, assault, and fraud between passengers may occur as well as the vehicle accident itself. In this case, forensics for accidents involving autonomous vehicles and accidents involving passengers in the vehicles are also about to change. This paper reviewed the types of security threats of autonomous vehicles, methods for maintaining the integrity of evidence data using blockchain technology, and research on digital forensics. Through this, it was possible to describe threats that would occur in autonomous vehicles using blockchain technology and forensic techniques for each type of accident in a scenario-type manner. Through this study, a block that helps forensics of self-driving vehicles before and after accidents by investigating forensic security technology of domestic and foreign websites to respond to vulnerabilities and attacks of autonomous vehicles, and research on block chain security of research institutes and information security companies. A chain method was proposed.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.10
• /
• pp.421-428
• /
• 2021

The High Efficiency Image File Format (HEIF) is an MPEG-developed image format that utilizes the video codec H.265 to store still screens in a single image format. The iPhone has been using HEIF since 2017, and Android devices such as the Galaxy S10 have also supported the format since 2019. The format can provide images with good compression rates, but it has a complex internal structure and lacks significant compatibility between devices and software, making it not popular to replace commonly used JPEG (or JPG) files. However, despite the fact that many devices are already using HEIF, digital forensics research regarding it is lacking. This means that we can be exposed to the risk of missing potential evidence due to insufficient understanding of the information contained inside the file during digital forensics investigations. Therefore, in this paper, we analyze the HEIF formatted photo file taken on the iPhone and the motion photo file taken on the Galaxy to find out the information and features contained inside the file. We also investigate whether or not the software we tested support HEIF and present the requirement of forensic tools to analyze HEIF.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.515-530
• /
• 2013

The results of investigations into marine incidents have become an important basis in determining not only possible causes, but also the extent of negligence between the perpetrator and victim. However, marine incidents occur under special circumstances i.e. the marine environment, and this leads to difficulties in identifying causes due to problems in scene preservation, reenactment and acquisition of witnesses. Given the aforementioned characteristic of marine incidents, the International Convention for the Safety of Life at Sea (SOLAS) has adopted mandatory regulations on the carriage of Voyage Data Recorders (VDRs) and Automatic Identification Systems (AIS) for ships of a certain gross tonnage and upwards, so as to reflect recent developments in radio communication and marine technology. Adopted to provide an international standard for investigations and to promote cooperation, the Code of the International Standards and Recommended Practices for a Safety Investigation into a Marine Casualty or Marine Incident (Casualty Investigation Code) recommends member states to build capacity for analysis of VDR data. Against this backdrop, this paper presents methods for efficient investigations into the causes behind marine incidents based on data analysis of VDR, which serves as the black box of ships, as well as digital forensic techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1495-1502
• /
• 2015

Dashboard camera is important system to store the variable data that not only video but also non-visual information that state of vehicle such as accelerometer, speed, direction. Non-visual information include variable data that can't visualization, so it used important evidence to figure out the situation in accident. It could be missed to non-visual information what can be prove the case in the just digital video forensic procedure. In this paper, We proposal the digital forensic analysis procedure for dashboard camera to all data in dashboard camera extract and analysis data for investigating traffic accident case. And I analyze to some products in with this digital forensic analysis procedure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1057-1067
• /
• 2013

The market share of smartphones has been increasing more and more at the recent mobile market and smart devices and applications that are based on a variety of operating systems has been released. Given this reality, the importance of smart devices analysis is coming to the fore and the most important thing is to minimize data corruption when extracting data from the device in order to analyze user behavior. In this paper, we compare and analyze the area-specific changes that are the file system of collected image after obtaining root privileges on the Android OS and iOS based devices, and then propose the most efficient method to obtain root privileges.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.585-594
• /
• 2015

As the storage market has been expanded due to growing data size, the research on various kinds of storages such as cloud, USB, and external HDD(Hard Disk Drive) has been conducted in digital forensic aspects. NAS(Network-Attached Storage) can store the data over one TB(Tera Byte) and it is well used for private storage as well as for enterprise, but there is almost no research on NAS. This paper selects three NAS products that has the highest market share in domestic and foreign market, and suggests the process and method for data acquisition in live NAS System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.57-67
• /
• 2013

Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.75-86
• /
• 2017

Docker, which is one of the various virtualization technology in server systems, is getting popular as it provides more lightweight environment for service operation than existing virtualization technology. It supports easy way of establishment, update, and migration of server environment with the help of image and container concept. As the adoption of docker technology increases, the attack motive for the server for the distribution of docker images and the incident case of attacking docker-based hosts would also increase. Therefore, the method and procedure of digital forensic investigation of docker-based host including the way to extract the filesystem of containers when docker daemon is inactive are presented in this paper.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.11
• /
• pp.2491-2496
• /
• 2010

Smart Phone with domestic demand increasing rapidly, the utilization of multimedia services have become diverse. Smart Phone users use the copyrighted multimedia contents illegally from hacking their Smart Phone with Jail Breaking and Rooting. Legal issues according to the Korea-U.S. FTA. and high relevance with crime as mobile communication terminal, the utilization of created and saved digital evidence is high, the mobile forensic evidence study is required. This paper studied method and notice of legal seizure and search assuming the Smart Phone copyright violation. Research the status of Smart Phone copyright violation and related violation by category as broadcasting, movies, music, e-book etc. Research the method of submit a report to the court by applying techniques to forensic. The results of this research will contribute to the provide of Smart Phone crime evidence and mobile forensic technology.