• Title/Summary/Keyword: computer forensics (search term 컴퓨터 포렌식)

164 search results

Artifacts Analysis of GoToWebinar and GoToMeeting (화상 회의 애플리케이션 GoToWebinar 및 GoToMeeting 아티팩트 분석 )

  • Soojin Kang;Giyoon Kim;Yangsun Lee
    • Journal of Platform Technology / v.11 no.1 / pp.11-22 / 2023
  • Various video conferencing and collaboration applications have emerged in response to the global epidemic of a new viral infection. Beyond real-time video conferencing, these applications provide features such as chat and file sharing across multiple platforms. Because personal information is stored through chat, file sharing and screen sharing, video conferencing applications are a major target of analysis in digital forensic investigations. For applications that run on several platforms, the form of the stored data differs from platform to platform, so preliminary research on the artifacts each platform stores is required before the data can be used in an investigation. In this paper we analyze the artifacts generated by the video conferencing applications GoToWebinar and GoToMeeting. We list the main data of interest to a digital forensic investigation, identify the data stored on each platform supported by GoToWebinar and GoToMeeting, organize the artifacts from which user behavior can be estimated, and classify the data that can be acquired according to the user's role and environment within the conference.


Trends in Building Software Reference Data Sets (소프트웨어 참조 데이터세트 구축 동향)

  • Kim, Ki-Bom;Park, Sang-Seo
    • Review of KIISC / v.18 no.1 / pp.70-77 / 2008
  • To improve the efficiency of evidence analysis in digital forensics, files that are well known must be excluded from analysis, and the presence of specific files must be checked. A software reference data set is a store of precomputed hash values for files that need no analysis, such as system files, font files and application files, and for malicious files such as rootkits, backdoors and exploit code. This paper surveys the main trends in building software reference data sets. In particular, it examines the NSRL RDS of the United States, which leads this effort, from the viewpoint of practical usability. The analysis shows that the NSRL RDS is very difficult to use directly in real computer forensic tools.
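The hash-set lookup the abstract describes, as an added example that is not code from the paper or from NIST: it builds a small reference set in the column layout of the legacy NSRL RDS text file (NSRLFile.txt), indexes it by SHA-1 and triages a constructed evidence set against a known-good and a known-bad list. The file contents, product codes and OS codes are constructed, not real NSRL entries; only the column names are taken from the RDS format.

```python
import csv
import hashlib
import io
import zlib

# Column layout of the legacy NSRL RDS text distribution (NSRLFile.txt).
RDS_FIELDS = ["SHA-1", "MD5", "CRC32", "FileName", "FileSize",
              "ProductCode", "OpSystemCode", "SpecialCode"]


def rds_row(filename: str, content: bytes, product_code: str) -> dict:
    """Build one RDS-style record; every hash is computed here from the given bytes."""
    return {
        "SHA-1": hashlib.sha1(content).hexdigest().upper(),
        "MD5": hashlib.md5(content).hexdigest().upper(),
        "CRC32": f"{zlib.crc32(content) & 0xFFFFFFFF:08X}",
        "FileName": filename,
        "FileSize": str(len(content)),
        "ProductCode": product_code,   # assumed product id, not a real NSRL code
        "OpSystemCode": "0",           # placeholder, not a real NSRL OS code
        "SpecialCode": "",
    }


def write_rds(rows) -> str:
    """Serialise records as the quoted CSV the RDS text files use."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=RDS_FIELDS, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def load_rds(csv_text: str) -> dict:
    """Index an RDS-style CSV by SHA-1 so each evidence file costs one dictionary lookup."""
    return {row["SHA-1"].upper(): row for row in csv.DictReader(io.StringIO(csv_text))}


def triage(files: dict, known_good: dict, known_bad: dict) -> dict:
    """Map each evidence path to 'known-bad', 'known-good' or 'unknown' by SHA-1.

    known_bad is consulted first: a hash present in both sets must never be
    filtered out as benign.
    """
    verdicts = {}
    for path, content in files.items():
        digest = hashlib.sha1(content).hexdigest().upper()
        if digest in known_bad:
            verdicts[path] = "known-bad"
        elif digest in known_good:
            verdicts[path] = "known-good"
        else:
            verdicts[path] = "unknown"
    return verdicts


# Constructed file contents standing in for real OS binaries, fonts and malware.
GOOD_DLL = b"MZ\x90\x00 constructed stand-in for a known OS library\n"
GOOD_FONT = b"\x00\x01\x00\x00 constructed stand-in for a bundled font\n"
BAD_ROOTKIT = b"\x7fELF constructed stand-in for a known rootkit module\n"

KNOWN_GOOD = load_rds(write_rds([rds_row("kernel32.dll", GOOD_DLL, "1001"),
                                 rds_row("arial.ttf", GOOD_FONT, "1001")]))
KNOWN_BAD = load_rds(write_rds([rds_row("rk.ko", BAD_ROOTKIT, "9001")]))

# Constructed evidence: the rootkit has been renamed, one file is in neither set,
# and one "kernel32.dll" differs from the reference copy by a single appended byte.
EVIDENCE = {
    "C:/Windows/System32/kernel32.dll": GOOD_DLL,
    "C:/Windows/Fonts/arial.ttf": GOOD_FONT,
    "C:/Users/victim/Downloads/update.ko": BAD_ROOTKIT,
    "C:/Users/victim/Documents/notes.txt": b"meeting notes, present in no reference set\n",
    "C:/Users/victim/Downloads/kernel32.dll": GOOD_DLL + b"\x00",
}


def run_triage() -> dict:
    """Triage the constructed evidence set against both reference sets."""
    return triage(EVIDENCE, KNOWN_GOOD, KNOWN_BAD)
```

A match filters only byte-identical files: the copy of kernel32.dll with one byte appended falls through to "unknown", and the renamed rootkit is still caught because the lookup never consults the file name. The loader assumes the legacy comma-separated text layout; check the header row of the distribution you actually have before depending on it.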

Automatic Creation of Forensic Indicators with Cuckoo Sandbox and Its Application (Cuckoo Sandbox를 이용한 포렌식 침해지표 자동생성 및 활용 방안)

  • Kang, Boong Gu;Yoon, Jong Seong;Lee, Min Wook;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.11 / pp.419-426 / 2016
  • As the threat of cyber incidents grows, the need for IOC (Indicators of Compromise) is increasing, both to identify the cause of an incident and to share that knowledge for a quick response to similar incidents. Only a few companies use IOC domestically, however, and research on applying IOC is scarce compared with other countries. This paper therefore proposes a quick and standardized way to create IOC automatically from the malware analysis results produced by Cuckoo Sandbox, together with ways to apply them.
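One way to automate the IOC generation the abstract proposes, as an added example (not the authors' tool and not part of Cuckoo): it reads the report.json structure Cuckoo Sandbox produces, drops the sandbox's own lab addresses, and writes the remaining file hashes, domains, remote IPs, dropped-file paths, registry keys and mutexes into an OpenIOC 1.0 document. The report below is constructed to follow the 2.x behavior.summary key names (the 1.x names files/keys/mutexes are also accepted); the lab ranges are an assumption, and the search terms are the usual OpenIOC FileItem/RegistryItem/ProcessItem/PortItem/Network paths.

```python
import hashlib
import ipaddress
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://schemas.mandiant.com/2010/ioc"   # OpenIOC 1.0 namespace

# Assumed sandbox lab ranges: hosts the analysis VM talks to regardless of the sample.
LAB_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

_SAMPLE_BYTES = b"constructed stand-in for the analysed executable"

# Constructed report in the shape of Cuckoo Sandbox's report.json; all values are invented.
SAMPLE_REPORT = {
    "target": {"file": {"name": "invoice.exe",
                        "md5": hashlib.md5(_SAMPLE_BYTES).hexdigest(),
                        "sha1": hashlib.sha1(_SAMPLE_BYTES).hexdigest(),
                        "sha256": hashlib.sha256(_SAMPLE_BYTES).hexdigest()}},
    "network": {"hosts": ["192.168.56.1", "203.0.113.10"],
                "domains": [{"domain": "update.example.net", "ip": "203.0.113.10"}]},
    "behavior": {"summary": {
        "file_created": ["C:\\Users\\user\\AppData\\Roaming\\svchost.exe"],
        "regkey_written": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"],
        "mutex": ["Global\\constructed-mutex-8b1f"],
    }},
}


def is_lab_address(host: str) -> bool:
    """True for addresses inside the sandbox's own network, which are noise, not indicators."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in LAB_RANGES)


def extract_indicators(report: dict) -> list:
    """Pull (document, search, type, value) tuples out of a Cuckoo report, lab noise removed."""
    items = []
    target = report.get("target", {}).get("file", {})
    for algo, search in (("md5", "FileItem/Md5sum"), ("sha1", "FileItem/Sha1sum"),
                         ("sha256", "FileItem/Sha256sum")):
        if target.get(algo):
            items.append(("FileItem", search, algo, target[algo]))
    net = report.get("network", {})
    for entry in net.get("domains", []):
        items.append(("Network", "Network/DNS", "string", entry["domain"]))
    for host in net.get("hosts", []):
        if not is_lab_address(host):
            items.append(("PortItem", "PortItem/remoteIP", "IP", host))
    summary = report.get("behavior", {}).get("summary", {})
    for key in ("file_created", "file_written", "files"):          # 2.x and 1.x spellings
        for path in summary.get(key, []):
            items.append(("FileItem", "FileItem/FullPath", "string", path))
    for key in ("regkey_written", "keys"):
        for reg in summary.get(key, []):
            items.append(("RegistryItem", "RegistryItem/Path", "string", reg))
    for key in ("mutex", "mutexes"):
        for name in summary.get(key, []):
            items.append(("ProcessItem", "ProcessItem/HandleList/Handle/Name", "string", name))
    return list(dict.fromkeys(items))   # de-duplicate, keeping first-seen order


def to_openioc(items: list, short_description: str) -> str:
    """Emit an OpenIOC document whose single top-level Indicator ORs every item together."""
    ET.register_namespace("", NS)
    ioc = ET.Element(f"{{{NS}}}ioc", {
        "id": str(uuid.uuid4()),
        "last-modified": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")})
    ET.SubElement(ioc, f"{{{NS}}}short_description").text = short_description
    ET.SubElement(ioc, f"{{{NS}}}description").text = "Generated from a Cuckoo Sandbox report"
    definition = ET.SubElement(ioc, f"{{{NS}}}definition")
    indicator = ET.SubElement(definition, f"{{{NS}}}Indicator",
                              {"operator": "OR", "id": str(uuid.uuid4())})
    for document, search, ctype, value in items:
        item = ET.SubElement(indicator, f"{{{NS}}}IndicatorItem",
                             {"id": str(uuid.uuid4()), "condition": "is"})
        ET.SubElement(item, f"{{{NS}}}Context",
                      {"document": document, "search": search, "type": "mir"})
        ET.SubElement(item, f"{{{NS}}}Content", {"type": ctype}).text = value
    return ET.tostring(ioc, encoding="unicode")


def build_ioc(report: dict = SAMPLE_REPORT) -> str:
    """End-to-end: Cuckoo report in, OpenIOC XML out."""
    return to_openioc(extract_indicators(report), report["target"]["file"]["name"])


def count_indicator_items(xml_text: str) -> int:
    """Parse an OpenIOC document back and count its IndicatorItem elements."""
    return len(ET.fromstring(xml_text).findall(f".//{{{NS}}}IndicatorItem"))
```

Filtering lab traffic matters: 192.168.56.1 is the analysis VM's gateway in a default VirtualBox host-only setup and would otherwise become a false-positive indicator in every IOC you share. The generated indicators are ORed at the top level; tighten the document by hand (AND-ing a hash with a mutex, for instance) before distributing it.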

Method of Digital Forensic Investigation of Docker-Based Host (도커 기반 호스트에 대한 디지털 포렌식 조사 기법)

  • Kim, Hyeon Seung;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.75-86 / 2017
  • Docker, one of several virtualization technologies for server systems, is gaining popularity because it provides a lighter-weight environment for operating services than existing virtualization technology. With its image and container concepts it makes building, updating and migrating a server environment easy. As adoption of Docker grows, attacks on the servers that distribute Docker images and incidents involving attacks on Docker-based hosts will also increase. This paper therefore presents a method and procedure for the digital forensic investigation of a Docker-based host, including a way to extract the filesystems of containers while the Docker daemon is inactive.
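The daemon-less extraction the abstract mentions, as an added example that is not the paper's procedure: with the overlay2 storage driver, a stopped container's layer stack can be recovered from /var/lib/docker/image/overlay2/layerdb/mounts/&lt;id&gt;/mount-id and the lower file of its overlay2 directory, then replayed into a plain directory while honouring overlayfs deletions. The fixture below is a constructed stand-in for /var/lib/docker; the ids and file contents are invented, and it records the deletion in the ".wh." tar/AUFS form because the on-disk 0/0 character-device form needs root to create (the code handles both forms).

```python
import os
import shutil
import stat
import tempfile

WHITEOUT = ".wh."        # tar/AUFS form: ".wh.name" deletes "name" from the layers below
OPAQUE = ".wh..wh..opq"  # tar/AUFS form: hides the whole directory from the layers below

def layer_chain(docker_root: str, container_id: str) -> list:
    """Resolve a container's overlay2 layers from on-disk metadata alone, top layer first."""
    mounts = os.path.join(docker_root, "image", "overlay2", "layerdb", "mounts", container_id)
    with open(os.path.join(mounts, "mount-id")) as fh:
        mount_id = fh.read().strip()
    layer_dir = os.path.join(docker_root, "overlay2", mount_id)
    chain = [os.path.join(layer_dir, "diff")]          # the container's own writable layer
    lower_file = os.path.join(layer_dir, "lower")
    if os.path.exists(lower_file):
        with open(lower_file) as fh:
            for short in fh.read().strip().split(":"):
                # each "l/<short>" is a symlink to "../<layer-id>/diff"; highest lower comes first
                chain.append(os.path.realpath(os.path.join(docker_root, "overlay2", short)))
    return chain

def _is_whiteout_device(path: str) -> bool:
    """On-disk overlayfs form: a deletion is a 0/0 character device named after the victim."""
    st = os.lstat(path)
    return stat.S_ISCHR(st.st_mode) and st.st_rdev == 0

def _is_opaque_dir(path: str) -> bool:
    """On-disk overlayfs form: xattr trusted.overlay.opaque=y (readable only as root)."""
    try:
        return os.getxattr(path, "trusted.overlay.opaque") == b"y"
    except (OSError, AttributeError):   # no xattr, no privilege, or not Linux
        return False

def _remove(path: str) -> None:
    if os.path.isdir(path) and not os.path.islink(path):
        shutil.rmtree(path)
    elif os.path.lexists(path):
        os.remove(path)

def materialize(chain: list, dest: str) -> None:
    """Replay the layers bottom-up into dest, honouring both whiteout conventions."""
    os.makedirs(dest, exist_ok=True)
    for layer in reversed(chain):
        for dirpath, _dirs, filenames in os.walk(layer):
            rel = os.path.relpath(dirpath, layer)
            target = dest if rel == "." else os.path.join(dest, rel)
            if OPAQUE in filenames or _is_opaque_dir(dirpath):
                shutil.rmtree(target, ignore_errors=True)
            os.makedirs(target, exist_ok=True)
            for name in filenames:
                src = os.path.join(dirpath, name)
                if name == OPAQUE:
                    continue
                if name.startswith(WHITEOUT):
                    _remove(os.path.join(target, name[len(WHITEOUT):]))
                elif _is_whiteout_device(src):
                    _remove(os.path.join(target, name))
                else:
                    shutil.copy2(src, os.path.join(target, name), follow_symlinks=False)

def _write(path: str, text: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def build_fixture(docker_root: str, container_id: str) -> None:
    """Constructed stand-in for /var/lib/docker: overlay2 layout, invented ids and contents."""
    base_id, upper_id = "base0000cafe", "upper000beef"
    base = os.path.join(docker_root, "overlay2", base_id, "diff")
    upper = os.path.join(docker_root, "overlay2", upper_id, "diff")
    _write(os.path.join(base, "etc", "passwd"), "root:x:0:0:root:/root:/bin/sh\n")
    _write(os.path.join(base, "tmp", "secret.txt"), "deleted while the container ran\n")
    _write(os.path.join(base, "tmp", "keep.txt"), "untouched image file\n")
    _write(os.path.join(upper, "tmp", ".wh.secret.txt"), "")   # ".wh." form: creatable without root
    _write(os.path.join(upper, "root", ".bash_history"), "ls /tmp\n")
    link_dir = os.path.join(docker_root, "overlay2", "l")
    os.makedirs(link_dir)
    os.symlink(os.path.join("..", base_id, "diff"), os.path.join(link_dir, "BASE"))
    _write(os.path.join(docker_root, "overlay2", upper_id, "lower"), "l/BASE")
    _write(os.path.join(docker_root, "image", "overlay2", "layerdb", "mounts", container_id, "mount-id"), upper_id)

def demo() -> tuple:
    """Build the fixture, extract the container rootfs, return (sorted file list, layer count)."""
    root = tempfile.mkdtemp(prefix="docker-forensics-")
    try:
        docker_root = os.path.join(root, "docker")
        container_id = "0123456789abcdef" * 4   # constructed 64-hex container id
        build_fixture(docker_root, container_id)
        chain = layer_chain(docker_root, container_id)
        out = os.path.join(root, "rootfs")
        materialize(chain, out)
        files = sorted(os.path.relpath(os.path.join(d, f), out) for d, _, fs in os.walk(out) for f in fs)
        return files, len(chain)
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Run as root against a real Docker root, layer_chain and materialize work unchanged; the xattr check for opaque directories only succeeds with that privilege. Where inode metadata matters, mount the chain read-only with overlayfs (lowerdir built from the lower file) instead of copying, which copy2 cannot preserve in full.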

A Study on Extraction of Mobile Forensic Data and Integrity Proof (모바일 포렌식 자료의 추출과 무결성 입증 연구)

  • Kim, Ki-Hwan;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.12 no.6 / pp.177-185 / 2007
  • With the development of IT technology, the spread of mobile information appliances that perform a variety of functions is a clear trend. The mobile phone, a representative mobile information appliance, supports more convenient and efficient information exchange and business, but it is also misused: leakage of advanced engineering data, infringement of personal privacy, threats and similar crimes committed by means of mobile phones are increasingly reported. Legal research on the subject is lacking and statutes are unprepared, and research and effort are needed so that digital evidence, which is easy to delete, copy or alter, can be shown to have retained its integrity and be treated as objective evidence from the investigator's point of view in crimes committed with mobile phones. This area of digital forensics is known as mobile forensics. In this paper we examine methods of acquiring digital evidence from a mobile phone, the representative mobile forensic target, and present a way to prove the integrity of that evidence using a hash function.


A Study of External Storage Device File Outflow (외장형 저장장치의 파일유출에 관한 연구)

  • Song, Yu-Jin;Lee, Jae-Yong
    • Journal of Korea Society of Industrial Information Systems / v.16 no.2 / pp.59-64 / 2011
  • Many computer users use external storage devices, and incidents of file leakage through them are increasing at the same time. Files are leaked in one of two ways: by opening the file on the computer to check its content before moving it, or by checking only the file name and moving it without opening it. In the first case the execution record of the application that opened the file leaves a trace; in the second case, where the file is copied to the external device without being opened, no application execution record exists, which makes forensic investigation much harder. This paper proposes a method to support such investigations: obtaining the volume and time information of the external storage device from the device recognition method and connection information, and, through link (LNK) file analysis, comparing that volume information with the volume information recorded in the link file and retrieving the creation and access times of the link file, so that files moved to an external device without being opened can be identified.
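The link-file analysis the abstract relies on, as an added example and not the authors' code: a minimal parser for the MS-SHLLINK format that reads the target's timestamps and size from the header and the drive type, volume serial number and label from the VolumeID inside LinkInfo, then matches the serial against a list of removable volumes. The sample .lnk is constructed by build_lnk in the same block, and the volume list KNOWN_REMOVABLE_VOLUMES is invented; on a real system it would come from the registry's volume and USB device records.

```python
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DRIVE_TYPES = {0: "UNKNOWN", 1: "NO_ROOT_DIR", 2: "REMOVABLE", 3: "FIXED",
               4: "REMOTE", 5: "CDROM", 6: "RAMDISK"}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80   # LinkFlags
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01                                    # LinkInfoFlags


def to_filetime(dt: datetime) -> int:
    """100-ns intervals since 1601-01-01 UTC."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def from_filetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def _cstr(data: bytes, offset: int) -> str:
    return data[offset:data.index(b"\x00", offset)].decode("cp1252")


def _wstr(data: bytes, offset: int) -> str:
    end = offset
    while data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[offset:end].decode("utf-16-le")


def build_lnk(local_path, label, serial, drive_type, created, accessed, written, size) -> bytes:
    """Construct a minimal shell link: header + LinkInfo with a VolumeID, no IDList, no strings."""
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, HAS_LINK_INFO | IS_UNICODE,
                         0x20, to_filetime(created), to_filetime(accessed), to_filetime(written),
                         size, 0, 1, 0, 0, 0, 0)
    label_b = label.encode("cp1252") + b"\x00"
    path_b = local_path.encode("cp1252") + b"\x00"
    volume_id = struct.pack("<IIII", 16 + len(label_b), drive_type, serial, 16) + label_b
    vol_off = 0x1C                           # immediately after the 7-field LinkInfo header
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(path_b)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            vol_off, base_off, 0, suffix_off) + volume_id + path_b + b"\x00"
    return header + link_info + struct.pack("<I", 0)   # terminal ExtraData block


def parse_lnk(data: bytes) -> dict:
    """Extract the target's timestamps and size plus the VolumeID of the drive it lived on."""
    hsize, clsid, flags, _attrs, ct, at, wt, size = struct.unpack_from("<I16sIIQQQI", data, 0)
    if hsize != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:              # skip the IDList; LinkInfo is what we want
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    info = {"created": from_filetime(ct), "accessed": from_filetime(at),
            "modified": from_filetime(wt), "target_size": size}
    if flags & HAS_LINK_INFO:
        li_size, _hdr, li_flags, vol_off, base_off, _net, _suffix = struct.unpack_from("<IIIIIII", data, pos)
        if li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            v = pos + vol_off
            _vsize, dtype, serial, label_off = struct.unpack_from("<IIII", data, v)
            if label_off == 0x14:                    # Unicode label: real offset is in the next field
                (label_off,) = struct.unpack_from("<I", data, v + 16)
                label = _wstr(data, v + label_off)
            else:
                label = _cstr(data, v + label_off)
            info.update(drive_type=DRIVE_TYPES.get(dtype, dtype),
                        volume_serial=f"{serial >> 16:04X}-{serial & 0xFFFF:04X}",
                        volume_label=label, local_base_path=_cstr(data, pos + base_off))
        pos += li_size
    return info


# Constructed: removable volumes recovered from the suspect machine's registry (serials invented).
KNOWN_REMOVABLE_VOLUMES = {"1A2B-3C4D": "USB flash drive, label EXFIL, first connected 2011-03-01"}


def attribute_lnk(info: dict, known: dict = KNOWN_REMOVABLE_VOLUMES):
    """Name the external device a link points at, or None if the serial is not on record."""
    if info.get("drive_type") != "REMOVABLE":
        return None
    return known.get(info.get("volume_serial"))


def demo() -> dict:
    """Build a link to a file on a removable drive, parse it back, attribute the volume."""
    lnk = build_lnk("E:\\design\\board-rev3.pdf", "EXFIL", 0x1A2B3C4D, 2,
                    datetime(2011, 3, 1, 9, 15, tzinfo=timezone.utc),
                    datetime(2011, 3, 1, 9, 16, tzinfo=timezone.utc),
                    datetime(2011, 2, 28, 18, 0, tzinfo=timezone.utc), 482_133)
    info = parse_lnk(lnk)
    info["device"] = attribute_lnk(info)
    return info
```

The header timestamps belong to the target file, not to the link; the link file's own creation and access times, which the abstract uses to date the copy, come from the filesystem (os.stat on the .lnk). A REMOVABLE drive type whose serial matches no recorded volume is itself a finding: a device was used that the registry no longer accounts for.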

A Study of Using the Car's Black Box to generate Real-time Forensic Data (자동차의 블랙박스를 이용한 실시간 포렌식 자료 생성 연구)

  • Park, Dea-Woo;Seo, Jeong-Man
    • Journal of the Korea Society of Computer and Information / v.13 no.1 / pp.253-260 / 2008
  • This paper is based on a telematics ubiquitous network in which a car is equipped with a black box that is given a unique IPv6 address. The black box authenticates the driver at startup and during operation, records the car's driving data, processes the video signal in real time and processes the sensor signals so that the records can be analyzed. The recorded data is encrypted and transmitted, and through the base stations and roadside sensors of the ubiquitous network, seamless mobility and location tracking data are generated. This data is stored as a file in the database of the Transportation Traffic Operations Center under the car's unique IPv6 address. When a car equipped with such a black box is involved in a criminal case on the road, the data recovered from the black box, identified by its code and IPv6 address, is compared with the traffic records stored in the database, and its integrity is verified and authenticated securely. The intent is that this material be recognized in court, by the judge, as highly reliable forensic evidence, and that it contribute to human life in a convenient, knowledge-based information society.


Determinant Whether the Data Fragment in Unallocated Space is Compressed or Not and Decompressing of Compressed Data Fragment (비할당 영역 데이터 파편의 압축 여부 판단과 압축 해제)

  • Park, Bo-Ra;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.4 / pp.175-185 / 2008
  • Investigating data in unallocated space is meaningful because it lets us examine deleted data. However, data in unallocated space is fragmented and in most cases cannot be opened by an application, especially when it is compressed or encrypted. If a fragment is encrypted and damaged it is almost impossible to read; if it is compressed and damaged it is very difficult to read, but it can sometimes be read and interpreted. Therefore, when a computer forensic investigator wants to examine data in unallocated space, a formal procedure is needed for determining whether the data is encrypted or compressed and for decompressing damaged compressed data. In this paper, I suggest a method of analyzing data in unallocated space from the viewpoint of computer forensics.
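The two decisions the abstract calls for, as an added example that is not the author's method: classify a fragment by container header and byte entropy (entropy alone cannot separate headerless compressed data from encrypted data, so the header check comes first), then salvage whatever decodes from a damaged deflate stream by feeding zlib one byte at a time so the output produced before the error is kept. The log-like text, its truncated and corrupted compressed copies, and the random-looking bytes are all constructed in the block.

```python
import hashlib
import math
import zlib

# Container magic a fragment may start with when it is the head of a file.
MAGICS = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip-local-file-header",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
}
ZLIB_FIRST_BYTES = {b"\x78\x01", b"\x78\x5e", b"\x78\x9c", b"\x78\xda"}  # CM=8, CINFO=7


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); compressed and encrypted data both sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_fragment(data: bytes) -> str:
    """Header check first, entropy second: entropy cannot tell headerless-compressed from encrypted."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    if data[:2] in ZLIB_FIRST_BYTES:
        return "zlib"
    if shannon_entropy(data) > 7.5:
        return "high-entropy (headerless compressed, or encrypted)"
    return "plain"


def salvage(data: bytes) -> tuple:
    """Decode a possibly truncated or corrupted stream, keeping everything produced before failure.

    Returns (output, framing, clean). Tries zlib, gzip and raw-deflate framing and keeps the
    longest result; one byte per decompress() call so that bytes decoded before a zlib.error
    are already returned and not lost with the exception.
    """
    best = (b"", "none", False)
    for wbits, name in ((zlib.MAX_WBITS, "zlib"), (zlib.MAX_WBITS | 16, "gzip"), (-zlib.MAX_WBITS, "raw")):
        d = zlib.decompressobj(wbits)
        out = bytearray()
        clean = False
        try:
            for i in range(len(data)):
                out += d.decompress(data[i:i + 1])
            out += d.flush()
            clean = d.eof            # True only when the end-of-stream marker was reached
        except zlib.error:
            clean = False
        if len(out) > len(best[0]):
            best = (bytes(out), name, clean)
    return best


# Constructed sample: a log-like text, compressed, then (a) truncated as a fragment would be
# and (b) complete but with one byte corrupted at 80% of its length.
ORIGINAL = "".join(f"2008-04-{d:02d} 10:{m:02d}:00 host{m:03d} user{m} login ok\n"
                   for d in range(1, 11) for m in range(60)).encode()
COMPRESSED = zlib.compress(ORIGINAL, 9)
TRUNCATED = COMPRESSED[: len(COMPRESSED) * 6 // 10]
_corrupt = bytearray(COMPRESSED)
_corrupt[len(_corrupt) * 8 // 10] ^= 0x55
CORRUPT = bytes(_corrupt)
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # 2 KiB, no header


def demo() -> dict:
    """Classify the three fragments and salvage the two damaged streams."""
    return {
        "truncated_class": classify_fragment(TRUNCATED),
        "random_class": classify_fragment(RANDOM_LIKE),
        "text_class": classify_fragment(ORIGINAL[:512]),
        "truncated": salvage(TRUNCATED),
        "corrupt": salvage(CORRUPT),
    }
```

For a fragment cut from the middle of a file, where no block boundary is known, even the raw-deflate attempt normally fails at the first back-reference into output that was never decoded; that is the case the abstract labels very difficult, and the salvaged prefix of a truncated stream is the case it calls sometimes readable.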

Extraction of Smoking-in Elevator (흡연의 추출-엘리베이터 내에서)

  • Shin, Seong-Yoon;Pyo, Sung-Bae;Rhee, Yang-Won
    • Proceedings of the Korean Society of Computer Information Conference / 2013.01a / pp.75-77 / 2013
  • Smoking is prohibited in elevators, and smoking inside an elevator is a serious wrong. Smoking is very harmful to young people and women. This paper aims to extract people who smoke inside an elevator so that the result can be submitted to a court as forensic evidence. For the extraction, scene-change detection is applied partially around the face of each person who enters the elevator. Whether a person is smoking is decided by detecting a white stick near the face. Research on detecting exhaled smoke is left for later work. Scene-change detection is performed with a color histogram.


Method of Collecting Data on Android Smartphone (안드로이드 스마트폰의 데이터 수집 방법)

  • An, Young-Geon;Kim, Myoung-Ho
    • Proceedings of the Korean Society of Computer Information Conference / 2011.01a / pp.97-99 / 2011
  • As interest in smartphones grows, the number of smartphone users is increasing. Among smartphones, Android phones are growing fastest and currently hold the largest share of the domestic smartphone market. Besides telephony, smartphones offer many functions and can run a variety of applications, so users handle many tasks on them and a great deal of data is stored on them. This paper proposes a method of collecting that data. The method can be useful in mobile forensics and can also help users manage increasingly complex information. Based on logical acquisition, the method collects the information provided by the built-in applications of an Android smartphone through the content provider, one of the components of the Android framework.
