• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.01a
• /
• pp.303-305
• /
• 2011

수많은 웹로그 히스토리의 자료에서 컴퓨터 사이버범죄에 대한 증거자료로 채택되기 위한 기술적인 웹 포렌식 자료의 추출에 사용되는 웹 포렌식 알고리즘은 필수적인 요소이다. 본 논문에서는 웹 로그 시나리오 작성을 제안하고 설계하여, 웹 포렌식을 통한 컴퓨터 사이버범죄에 대한 학문적 기술적 발전에 기여하고자 하는데 본 논문의 목적이 있다. 수많은 웹로그 자료에서 컴퓨터 사이버 범죄에 대한 증거 자료로 채택되기 위한 기술적인 웹 포렌식 자료의 추출에 사용되는 웹 로그 분석 알고리즘은 필수적인 요소이다. 본 논문에서는 웹 포렌식 알고리즘을 제안하고 설계하여, 실제 기업의 웹 서버 시스템에 제안한 알고리즘을 구현해 본다. 웹 서버에서 웹 로그 분석을 위해 사용한 웹 포렌식 알고리즘과 플로우를 설계하고 코딩을 통한 구현을 한다. 구현 결과 웹 포렌식을 통한 컴퓨터 사이버 범죄에 대한 학문적 기술적 발전에 기여하고자 하는데 본 논문의 목적이 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.238-241
• /
• 2022

North Korea launched an ICBM and declared Moratorium for the September 19 military talks. The Armed Forces must protect military security for national defense and security. The Ministry of National Defense, which received a hacking attack from North Korea, must protect its military security even more. Recently, the leakage of military data through smartphones is occurring through smartphones. Officers and non-commissioned officers can use smartphones while working. Therefore, smartphone forensics is required to check information leakage of military data from smartphones. In this study, forensic leaks of military data from the Galaxy S20 model of S company. Research integrity verification for securing smartphone forensic evidence, securing metadata, and adopting evidence. This study will contribute to the development of military security and forensic technology.

• Agrochemical news magazine
• /
• v.19 no.5 s.146
• /
• pp.20-21
• /
• 1998

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10d
• /
• pp.71-76
• /
• 2007

정보 통신기술의 발전으로 단말기와 네트워크에 독립적인 부가서비스를 이용할 수 있는 개방형 가입자인증 카드인 USIM(Universal Subscriber Identification Module) 카드가 이용되고 있다. 모바일 정보기기의 성능 향상으로 다양한 기능이 추가되고 USIM에 저장된 개인정보의 중요성이 부각되어 범죄 도구로 이용될 가능성이 높아 졌으며 법정 증거자료로서의 중요성도 증가되었다. 모바일 포렌식은 기존의 데이터 저장장치와는 다른 파일시스템을 가지고 있기 때문에 거기에 맞는 전용 포렌식 툴들이 필요하며, USIM과 관련된 범죄가 일어날 때, 자료의 복구와 빠른 검사를 통해 법적 증거화 시킬 수 있는 USIM 포렌식 틀을 요구한다. 본 논문에서는 USIM의 기본적인 구조와 파일시스템을 분석하고 USIM 포렌식 관점에서 증거화 시킬 수 있는 다양한 유형과 절차들을 알아보고, 현재 사용 중인 USIM 포렌식 툴들에 대해 비교 분석한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.6C
• /
• pp.512-519
• /
• 2008

The proof of a cellular phone used to a crime important data of a criminal investigation and legal judgment become. A lot of on a process use the file format that do not become that is kind of various cellular phones and model pipe, and collect criminal proof, and to analyze be difficult. Also, standardization is not made, and can be adopted on procedures from confiscation search processes regarding a cellular phone to integrity extractions of Forensic data in courts in the confiscation criminal investigation spots. Standardize confiscation search procedures of a cellular phone at these papers. Use a radio waves interception envelope and radio waves interception device for a movement which a security does integrity of criminal on-site cellular phone confiscation search data by standard procedures, and was devoted to. Analyze corroborative facts of a cellular phone seized, and verify integrity, and present problems regarding cellular phone confiscation search procedures and measures, and will contribute in development of Mobile Forensic through integrity damage experiment.

• Journal of Platform Technology
• /
• v.11 no.4
• /
• pp.35-49
• /
• 2023

Recently, real-time cyber threats are constantly occurring for various reasons. Most companies have the characteristic of digitizing important internal information and storing it centrally, so it can be said that the impact is very high when an Computer Security Incident occurs. All electronic device information collected and analyzed in the process of responding to an Computer Security Incident has the characteristic of being subject to change at any time. Submission of related evidence is required in future investigations and courts. At this time, the basic principles of digital forensics, such as the principle of integrity and the principle of chain of custody, must be followed to ensure legitimacy and accuracy of the evidence. In this paper, we propose a digital forensic-based Computer Security Incident Inspection and Response procedure in the Windows 10 environment to secure the legitimacy and accuracy of digital evidence collected and analyzed when an intrusion occurs, prevent intrusion in advance, and quickly recognize it.

• Journal of The Korean Association For Science Education
• /
• v.28 no.5
• /
• pp.495-505
• /
• 2008

The purpose of this study was to analyze the level of evidence used in gifted elementary students' argumentation. The subjects were 15, 5th and 6th grade students selected in the Science Education Institute for Gifted Youth in K University. After the argumentation task was given to students 2 weeks ago, the students grouped themselves in the affirmative and negative and took part in a debate for 2 hours. Their argumentation process was observed, recorded and transcribed for analysis. Transcribed data was given a Protocol Number according to priority and was examined to find out what were the characteristics when students participated in the task. The evidence used in argumentation was graded from level 1 to level 6 according to Perella's Hierarchy of Evidence and the rate of frequency classified by the level was expressed in graph. Students used Level 1- Level 2 evidence above 50% without for or against task. They had weak argumentation making use of low-level evidence such as individual experience, opinion and another person's experience rather than objective evidences. On the other hand, students commented on the lack of opponent's evidence when they could not trust an opponent's evidence. If one team asked the other to present more evidence but could not, they disregarded the question and turned to another topic. And in cases where the opponent team refuted with evidences of high level, the other team just repeated their claim or evaded the rebuttal. The students tended to complete the argument without the same conclusions with some interruptions. The results show that we need an educational programs including scientific argumentation for science-gifted elementary school students.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.57-67
• /
• 2013

Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.

• Journal of The Korean Association For Science Education
• /
• v.31 no.1
• /
• pp.128-142
• /
• 2011

The goal of this study was to investigate how hypotheses were elaborated after their initial appearances in the context of scientific problem solving. Data were collected from a class in which preservice elementary school teachers in groups carried out abductive inquiry of earth science. The analysis revealed two major processes of hypothesis elaboration: theory-driven and evidence-driven. The theory-driven process was in turn distinguished into two kinds of subprocesses: one is in pursuit of internal coherence and the other external coherence. The evidencedriven elaboration also had two subprocesses, which were triggered by direct evidence and indirect or analogical evidence, respectively. In addition, hypotheses were more often than not modified by a wrong theory or evidence whether it was driven by a theory or evidence. Implications for science education and related research were discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.417-428
• /
• 2020

With the rapid development of information and communication technology, mobile devices have become an essential tool in our lives. Mobile devices are used as important evidence in criminal proof, as they accumulate data simultaneously with PIM functions while working with users most of the time. The mobile forensics is a procedure for obtaining digital evidence from mobile devices and should be collected and analyzed in accordance with due process, just like other evidence, and the integrity of the evidence is essential because it has aspects that are easy to manipulate and delete. Also, the adoption of evidence relies on the judges' liberalism, which necessitates the presentation of generalized procedures. In this paper, a mobile forensics model is presented to ensure integrity through the generalization of procedures. It is expected that the proposed mobile forensics model will contribute to the formation of judges by ensuring the reliability and authenticity of evidence.