• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.12
• /
• pp.2878-2884
• /
• 2014

The Smishing attacks are caused using smartphone since 2013. Smishing hacking attacks are increasing due to the approximately 104 million private information leakage incidents by the 3 domestic credit card companies occurred in January 2014. The Smishing attack occurred in conjunction with hacking illegal leakage of personal information and direct financial damage. In this paper, i am analyze real-world case studies in the lab and study accident on Smishing Mobile Forensic analysis. I am study of a real case Smishing hacking attacks. And studying evidence for a Mobile Forensic analysis of the technical principles of Smishing attacks. The study for the Mobile Forensic evidence proved the Smishing hacking attacks using Mobile Forensic technic and create Mobile Forensic reports. Through this paper, the research will be safe for the people living in the smartphone can be used safely and conveniently, with the development of Mobile Forensic technology, to study the extraction of Smishing accident evidences from the court.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.489-499
• /
• 2017

MS office is a office software which is widely used in the world. The OOXML format has been applied to the document structure from MS office 2007 to the newest version. In this regard, the method of data concealing, which is a representative anti-forensic act has been researched and developed, so the method of detecting concealed data is very important to the digital forensic investigation. In this paper, we present an improved data concealing method bypassing the previewers detecting methods for OOXML formatted MS office documents. In addition, we show concealment of the internal data like sheets and slides for MS office 2013 Excel and PowerPoint, and suggest an improved detecting algorithm against this data concealing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.95-110
• /
• 2018

With the widespread use of smartphones, various personal information of users is being recorded on a smartphone in real time. For the purpose of preventing the loss of important personal information of users, manufacturer provides a smartphone backup applications. Recently, not only backup programs for PC but also backup mobile apps for smart phones have been provided. From the point of view acquiring forensic data, it is important not to compromise the acquisition possibilities and the integrity of the original data. Especially, in the case of Android smartphones, various studies are being carried out to acquire the data without damaging the integrity of the original data. However, there are limitations to apply the existing research methods. In this paper, we describe the process of acquiring data using the backup mobile app provided by the manufacturer without compromising the integrity of the latest smartphone.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.285-288
• /
• 2010

Chinese hackers hack the e-commerce site by bypass South Korea IP to connect to the third country, finance damaging a violation incident that fake account. 7.7.DDoS attack was the case of a hacker attack that paralyzed the country's main site. In this paper, the analysis is about vulnerabilities that breaches by hackers and DDoS attacks. Hacker's attacks and attacks on the sign of correlation analysis is share the risk rating for in real time, Red, Orange, Yellow, Green. Create a blacklist of hackers and real-time attack will be studied security and air conditioning systems that attacks and defend. By studying generate forensic data and confirmed in court as evidence of accountability through IP traceback and detection about packet after Incident, contribute to the national incident response and development of forensic techniques.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.83-96
• /
• 2018

Electronic medical records in the hospital information system are the important evidence related to the crime and are subject to search and seizure. In the case of a large general hospital, it is possible to search for seizures through cooperation of the staff, but it is impossible in small hospitals. The investigation agency copies the database of electronic medical records and then selects relevant content. This approach has an issue of excessive search and seizure. In this paper, we propose field selection procedures and methods for electronic medical records while ensuring integrity, reproducibility, and chain of custody. Currently, it is necessary to study the procedures and methods of search and seizure of medical information system so that it can respond to next changing cloud hospital information system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.135-152
• /
• 2016

Because of the evolution of mobile devices such as smartphone, the necessity of mobile forensics is increasing. In spite of this necessity, the mobile forensics does not fully reflect the characteristic of the mobile device. For this reason, this paper analyzes the legal, institutional, and technical considerations for figuring out facing problems of mobile forensics. Trough this analysis, this study discuss the limits of screening seizure on the mobile device. Also, analyzes and verify the mobile forensic data acquisition methods and tools for ensuring the admissibility of mobile forensic evidence in digital investigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.583-592
• /
• 2020

With the popularization of smartphones, Social Networking Service (SNS) has become the means of communication for modern people. Due to the nature of the means of communication, SNS generates a variety of archive and preservation evidence. Therefore, it is a major analysis target in terms of digital forensic investigation. An application that provides SNS stores data in a central server or database in a smartphone inside for user convenience. Some applications provide encryption for privacy, which can be anti-forensic in terms of digital forensic investigation. Therefore, the study of the encryption method should be continuously preceded. In this paper, we analyzed two applications that provide SQLite-based database encryption through SQLCipher module. Each database was decrypted and key data was identified.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.43-50
• /
• 2013

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1373-1383
• /
• 2017

Deduplication is a function to effectively manage data and improve the efficiency of storage space. When the deduplication is applied to the system, it makes it possible to efficiently use the storage space by dividing the stored file into chunks and storing only unique chunk. However, the commercial digital forensic tool do not support the file system analysis, and the original file extracted by the tool can not be executed or opened. Therefore, in this paper, we analyze the process of generating chunks of data for a Windows Server 2012 system that can apply deduplication, and the structure of the resulting file(Chunk Storage). We also analyzed the case where chunks that are not covered in the previous study are compressed. Based on these results, we propose the method to collect deduplicated data and reconstruct the original file for digital forensic investigation.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.71-82
• /
• 2018

Using small cameras such as smartphones, criminals shoot secretly in public restrooms and women's changing rooms. And Revenge porn is also increasing. As a result social damage is increasing. Tumblr is an overseas service and it is very difficult to work with Tumbler on international legal cooperation and deletions. Thus In order to block the distribution of videos, victims must find and report the video URL themselves. But it's hard for victims who lack IT expertise to proceed those procedure. In this study, we automatically collect the URL of stored information and hash values of the images from API permlink of Tumbler blog. It is then saved as a document file with and presented to the victim. Through these technical methods, we can help victims report violations easily and quickly.