• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.118-122
• /
• 2013

Currently, under being related with confiscation method of digital store medium from the court of justice, "the sorting confiscation method of principle, the exceptional medium confiscation method" from in section3 no.106 of the criminal procedure code disregard the actual fields of investigation. What is more, there are many difficulties to execute cases by observing this for the achievement of confiscation purpose. At this point, I present the problems of the present confiscation search method and the desirable scene confiscation search method and the improvement program under the new technology circumstance.his is an example of ABSTRACT format.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.399-401
• /
• 2015

디지털 포렌식은 그동안 보안의 차선이 되어왔다. 디지털 포렌식은 늘 보안 사건이 일어난 후에만 사용되는 것으로 인식되었다. 산업의 규모가 커지고 보안의 범위가 넓어지면서 보안은 자본주의 사회에서 필수가 되었다. 이에 따라 디지털 포렌식의 역할은 중요해졌고 관심도 늘어나게 되었다. 하지만 보안 사건이 일어난 후, 그 뒤를 따라가는 것은 힘들고 한계가 있다. 특히 정보는 한번 새어나가면 걷잡을 수 없고, 경제적 손실도 막대하다. 또한 디지털 포렌식을 통해 증거를 수집한다고 해도 디지털 정보는 특성상 조작하기가 쉽기 때문에 법원에서 증거로 인정받기 위해서는 매우 까다로운 절차를 거쳐야 한다. 아직까지 한국에서는 디지털 증거를 어디까지 인정해야 하는지에 대한 명확한 기준이 없기 때문에 까다로운 절차를 거쳤다고 해서 증거로 인정받는다는 보장이 없다. 따라서 보안에 대해서는 예방하는 것이 최선이고 필수이다. 이 논문에서는 그동안 차선으로 인식되었던 디지털 포렌식 도구를 이용하여 보안 사건보다 한 발짝 앞서 보안을 관리하는 방법에 대해 검토하고자 한다.

• Journal of Korean Elementary Science Education
• /
• v.42 no.1
• /
• pp.109-126
• /
• 2023

In this study, I took the evidence-explanation (E-E) continuum perspective to examine the epistemological implications of scientific reasoning cases designed by preservice elementary teachers during their simulation teaching. The participants were four preservice teachers who conducted simulation instruction on the seasons and high/low air pressure and wind. The selected discourse episodes, which included cases of inductive, deductive, or abductive reasoning, were analyzed for their epistemological implications-specifically, the role played by the reasoning cases in the E-E continuum. The two preservice teachers conducting seasons classes used hypothetical-deductive reasoning when they identified evidence by comparing student-group data and tested a hypothesis by comparing the evidence with the hypothetical statement. However, they did not adopt explicit reasoning for creating the hypothesis or constructing a model from the evidence. The two preservice teachers conducting air pressure and wind classes applied inductive reasoning to find evidence by summarizing the student-group data and adopted linear logic-structured deductive reasoning to construct the final explanation. In teaching similar topics, the preservice teachers showed similar epistemic processes in their scientific reasoning cases. However, the epistemological implications of the instruction were not similar in terms of the E-E continuum. In addition, except in one case, the teachers were neither good at abductive reasoning for creating a hypothesis or an explanatory model, nor good at using reasoning to construct a model from the evidence. The E-E continuum helps in examining the epistemological implications of scientific reasoning and can be an alternative way of transmitting scientific reasoning.

• Journal of The Korean Association For Science Education
• /
• v.31 no.1
• /
• pp.128-142
• /
• 2011

The goal of this study was to investigate how hypotheses were elaborated after their initial appearances in the context of scientific problem solving. Data were collected from a class in which preservice elementary school teachers in groups carried out abductive inquiry of earth science. The analysis revealed two major processes of hypothesis elaboration: theory-driven and evidence-driven. The theory-driven process was in turn distinguished into two kinds of subprocesses: one is in pursuit of internal coherence and the other external coherence. The evidencedriven elaboration also had two subprocesses, which were triggered by direct evidence and indirect or analogical evidence, respectively. In addition, hypotheses were more often than not modified by a wrong theory or evidence whether it was driven by a theory or evidence. Implications for science education and related research were discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.417-428
• /
• 2020

With the rapid development of information and communication technology, mobile devices have become an essential tool in our lives. Mobile devices are used as important evidence in criminal proof, as they accumulate data simultaneously with PIM functions while working with users most of the time. The mobile forensics is a procedure for obtaining digital evidence from mobile devices and should be collected and analyzed in accordance with due process, just like other evidence, and the integrity of the evidence is essential because it has aspects that are easy to manipulate and delete. Also, the adoption of evidence relies on the judges' liberalism, which necessitates the presentation of generalized procedures. In this paper, a mobile forensics model is presented to ensure integrity through the generalization of procedures. It is expected that the proposed mobile forensics model will contribute to the formation of judges by ensuring the reliability and authenticity of evidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.647-659
• /
• 2023

As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiner, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, it was defined as Digital Forensics Theory, Digital Evidence Collection&Management, Disk Forensics, Mobile Forensics, Video Forensics, infringement forensics, DB Forensics, Embedded(IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.

• Journal of The Korean Association For Science Education
• /
• v.35 no.4
• /
• pp.599-608
• /
• 2015

This study aims to explore the characteristics of student inquiry found in project-based science practices. The participants were four high school students in a science research club and worked their own project for one semester. During the project, they made their research questions, planned and executed their research procedures, and made their own conclusion. Their activities during the project were videotaped and recorded. They were also interviewed. Group worksheets and written reports were all collected for analyses. The whole processes of the inquiry were analyzed and interpreted qualitatively. The characteristics of student inquiry were presented in the view of the theory-evidence-method coordination. Three different modes of the coordinations that were found recursively in their inquiry were the theory-evidence coordination, the evidence-method coordination, and the theory-evidence-method coordination. It was also revealed that students' tacit knowledge using various tools were exhibited and these skills improved during their group works. The implications for school science inquiry education and research based on this study are discussed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.299-301
• /
• 2017

현대사회에서는 사이버 해킹 공격이 많이 일어나고 있다. 공격이 증가함에 따라 이를 다양한 방법으로 방어하고 탐지하는 연구가 많이 이루어지고 있다. 본 논문은 OpenIOC, STIX, MMDEF 등과 같은 공격자의 방법론 또는 증거를 식별하는 기술 특성 설명을 수집해 놓은 표현들을 기반을 머신러닝과 logstash라는 로그 수집기를 결합하는 새로운 시스템을 제안한다. 시스템은 pc에 공격이 가해졌을 때 로그 수집기를 사용하여 로그를 수집한 후에 로그의 속성 값들의 리스트를 가지고 머신러닝 알고리즘을 통해 학습시켜 분석을 진행한다. 향후에는 제안된 시스템을 실시간 처리 머신러닝 알고리즘을 사용하여 필요로그정보의 구성을 해주면 자동으로 로그정보를 수집하고 필터와 출력을 거쳐 학습을 시켜 자동 침입탐지시스템으로 발전할 수 있을 것이라 예상된다.

• Review of KIISC
• /
• v.19 no.5
• /
• pp.45-51
• /
• 2009

개인용 컴퓨터의 디스크 용량 증가와 저장, 분석되어야 하는 방대한 양의 데이터는 포렌식 수집과 분석 시간을 점점 더 요구하고 있다. 이에 ETRI는 대용량 데이터에 대한 고속 수집 및 검색, 분석을 가능하게 하는 고속 포렌식 시스템을 개발하였다. 포렌식 분석은 질의어에 대한 검색의 연속된 과정이라고도 할 수 있어 고속 포렌식 시스템은 하드웨어 가속기를 이용하거나 인덱스를 구축하여 고속으로 데이터를 검색하는 기술을 제공한다. 또한, 안티포렌식 기법중 하나인 파일 암호화는 문서 열람을 불가능하게 해 증거 발견을 어렵게 한다. 이에 고속 포렌식 시스템은 제한된 수사 시간을 고려하여 고속으로 패스워드를 해독하는 기능을 제공한다.

• Review of KIISC
• /
• v.21 no.6
• /
• pp.49-56
• /
• 2011

다수의 사람과 파일을 공유할 수 있는 웹하드 서비스의 이점을 이용하여 각종 불법복제물 등의 업로드를 유도하고 다운로드를 통해 이득을 취하는 특수유형의 OSP(Online Service Provider, 온라인 서비스 제공자)들이 출현하게 되었다. 이런 범죄가 일어나는 업체의 데이터베이스에는 모든 이용자들의 관련 기록을 담고 있어 헤비업로더의 활동내역뿐만 아니라 업체측의 방조혐의 등의 증거를 추출할 수 있다. 본 논문에서는 특수유행 OSP들의 대용량 데이터베이스를 신속하고 정확하게 무결성을 유지하며 데이터베이스의 데이터를 수집할 수 있는 방법에 대해 연구해보고, 수집한 데이터 또한 신속하게 분석하는 방법을 제안하였다.