• Title/Summary/Keyword: forensic research (포렌식 연구)

Search Result 328, Processing Time 0.025 seconds

A Research of Anomaly Detection Method in MS Office Document (MS 오피스 문서 파일 내 비정상 요소 탐지 기법 연구)

  • Cho, Sung Hye; Lee, Sang Jin
  • KIPS Transactions on Computer and Communication Systems, v.6 no.2, pp.87-94, 2017
  • Microsoft Office is an office suite of applications developed by Microsoft. Recently, users with malicious intent have customized Office files as a container for malware because MS Office is the most commonly used word processing program. To attack a target system, many malicious Office files use a variety of skills and techniques, such as the macro function, hiding shellcode inside unused areas, etc. People usually use two techniques to detect these kinds of malware: signature-based detection and sandboxing. However, there are limits to what they can achieve because of the increasing complexity of malware. Therefore, this paper proposes methods to detect malicious MS Office files in a computer forensics way. For this purpose, we checked macros and potential problem areas with a structural analysis of the MS Office file.

A Study of External Storage Device File Outflow (외장형 저장장치의 파일유출에 관한 연구)

  • Song, Yu-Jin; Lee, Jae-Yong
  • Journal of Korea Society of Industrial Information Systems, v.16 no.2, pp.59-64, 2011
  • A lot of computer users use external memory devices. But at the same time, file efflux incidents are also increasing. There are two ways people use to efflux a file. One is moving it after checking the file which is running on the computer, and the other is checking the file name only. In the case of checking from a running file, we can identify vestiges with the running information of the applied program, but in the case of moving to an external device without running the file, there is no evidence of running the applied program. So there is a lot of difficulty with forensic investigation. In this paper we suggest a way to help forensic investigation, which is a method of getting the external memory device's volume and time information through its awareness method and connection information, and of identifying moving to an external device without running the file by comparing the external memory device volume information through link file analysis and getting information on link file formation and access time from the link file.

Resolution of Complication in Territorial Sea by Using Digital Forensic (분쟁소지가 있는 공해상에서 Digital Forensic을 이용한 해결 방안)

  • Lee, Gyu-An; Park, Dea-Woo; Shin, Youg-Tae
  • Journal of the Korea Society of Computer and Information, v.12 no.3, pp.137-146, 2007
  • Korea's seas have the potential of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute, along with the false entries of fishing vessels' journals. Marine Digital Forensics protects the functions of computers and IT appliances on vessels and extracts evidence of voyage and accidents to resolve international disputes. The digital evidence, if tampered with in its integrity, may lead to the rejection of a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as a means of scientific investigation at sea as overseas exchange increases and vessels digitalize, leading to a solution to international disputes that may occur in the future.

A Study of Using the Car's Black Box to generate Real-time Forensic Data (자동차의 블랙박스를 이용한 실시간 포렌식 자료 생성 연구)

  • Park, Dea-Woo; Seo, Jeong-Man
  • Journal of the Korea Society of Computer and Information, v.13 no.1, pp.253-260, 2008
  • This paper is based on the ubiquitous network of telematics technology, with a black box equipped in the car and a unique address given by IPv6. The driver's black box performs certification at startup and during operation, and handles the car's driving record video signals and real-time sensor signals to analyze the records. The recorded data is transmitted encrypted, and through the ubiquitous network of base stations and roadside sensors, seamless mobility and location tracking data are generated. This is stored as a file in the database of the Transportation Traffic Operations Center as records under the unique IPv6 address. When a car equipped with a black box used on the road goes to a criminal case, the automotive black box code is recovered from the IPv6 address, and the traffic records stored in the database are compared for data integrity verification and secure authentication. This material, as liability in the courtroom, and the judge's recognition of forensic data as evidence are highly secure. It will contribute to human life with convenience and knowledge in the information society.

A Method of Recovery for Damaged ZIP Files (손상된 ZIP 파일 복구 기법)

  • Jung, Byungjoon; Han, Jaehyeok; Lee, Sang-jin
  • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.5, pp.1107-1115, 2017
  • The most commonly used PKZIP format is a ZIP file, as well as a file format used in MS Office files and application files for Android smartphones. PKZIP format files, which are widely used in various areas, require structural analysis from the viewpoint of digital forensics and should be able to recover when files are damaged. However, previous studies have focused only on recovering data or extracting meaningful data using the Deflate compression algorithm used in ZIP files. Although most of the data resides in compressed data in the ZIP file, there is also forensically meaningful data in the rest of the ZIP file, so you need to restore it to a normal ZIP file format. Therefore, this paper presents a technique to recover a damaged ZIP file to a normal ZIP file when given.

Study on The Decryption Method and Analysis of MalangMalang Talkcafe Application Database (인스턴트 메신저 말랑말랑 톡카페 애플리케이션 데이터베이스 복호화 방안 및 분석)

  • Kim, Giyoon; Lee, Jonghyeok; Shin, Sumin; Kim, Jongsung
  • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.3, pp.541-547, 2019
  • As leakage cases of personal information increase, concern about personal information protection is also increasing. As a result, most applications encrypt and store sensitive information such as personal information. Especially in the case of instant messengers, it is more difficult to find a database which is not encrypted when stored. However, this kind of database encryption acts as anti-forensics from the point of view of digital forensic investigation. In this paper, we analyze the database encryption process of the MalangMalang Talkcafe application, which is one of the instant messengers. Based on our analysis, we propose a decryption method and explain the meaningful information collected in the database.

Analysis of the Possibility of Recovering Deleted Flight Records by DJI Drone Model (DJI 드론 모델별 삭제 비행기록 복구 가능성 분석)

  • YeoHoon Yoon; Joobeom Yun
  • Journal of the Korea Institute of Information Security & Cryptology, v.33 no.4, pp.609-619, 2023
  • Recently, crimes using drones, one of the IoT industries, have been continuously reported. In particular, drones are characterized by easy access and free movement, so they are used for various crimes such as transporting explosives, transporting drugs, and illegal recording. In order to analyze and investigate these criminal acts, drone forensic research is highly emphasized. Media data, PII, and flight records are digital forensic artifacts that can be acquired from drones; in particular, flight records are important artifacts since they can be used to trace drone activities. Therefore, in this paper, the characteristics of the deleted flight record files of DJI drones are presented and verified using the Phantom3, Phantom4 and Mini2 models, two drones with differences in characteristics. Additionally, the recovery level is analyzed using the flight record file characteristics, and lastly, drones with the capacity to recover flight records for each drone model and drone models without it are classified.

Pentesting-Based Proactive Cloud Infringement Incident Response Framework (모의해킹 기반 사전 예방적 클라우드 침해 사고 대응 프레임워크)

  • Hyeon No; Ji-won Ock; Seong-min Kim
  • Journal of the Korea Institute of Information Security & Cryptology, v.33 no.3, pp.487-498, 2023
  • Security incidents using vulnerabilities in cloud services occur, but it is difficult to collect and analyze traces of incidents in cloud environments with complex and diverse service models. As a result, the importance of cloud forensics research has emerged, and infringement response scenarios must be designed from the perspective of cloud service users (CSUs) and cloud service providers (CSPs) based on representative security threat cases in the public cloud service model. This simulated hacking-based proactive cloud infringement response framework can be used to respond to the cloud service critical resource attack process from the viewpoint of vulnerability detection before cyberattacks occur on the cloud, and can also be expected for data acquisition. Therefore, in this paper, we propose a framework for preventive cloud infringement based on simulated hacking by analyzing and utilizing Cloudfox, a cloud penetration test tool.

An Analysis of Chinese Maritime Simplified Navigation Systems for Digital Forensic of Chinese illegal fishing vessels (중국 불법조업 선박 포렌식을 위한 중국 항해장비종류 및 모델 분석)

  • Byung-Gil Lee; Byeong-Chel Choi
  • Proceedings of the Korean Institute of Navigation and Port Research Conference, 2021.11a, pp.139-141, 2021
  • In the maritime digital forensic part, the analysis of data and information from the vessel navigation system's binary log data for situation awareness of a maritime accident is a very important and difficult process. In recent years, analysis of a vessel's navigation system's trajectory information has been an essential element of maritime accident investigation for the vessel digital forensic process. So, we analyze the maritime navigation systems of vessels and the features of the devices and environments. In the future, we will research information on the ship's trajectory and movement for a useful forensic service.

A Study of N-IDS Detection regarding a DoS Attack and Packet Analysis (DoS공격에 대한 N-IDS 탐지 및 패킷 분석 연구)

  • Chun, Woo-Sung; Park, Dae-Woo
  • Proceedings of the Korean Society of Computer Information Conference, 2008.06a, pp.175-182, 2008
  • This is a study of the DoS attacks against Korean financial institutions and government agencies that occurred in 2008. In a laboratory environment, attacks are carried out using actual DoS attack tools. To detect the DoS attacks, an N-IDS using Snort is installed on the network, together with Winpcap for capturing packets and MySQL, HSC, the .NET Framework and so on for storing and analyzing the packets. Using packet analysis tools such as e-Watch, the packet volume of the hacker's DoS attack and information such as TCP and UDP, port, MAC and IP information are analyzed. The significance of this study is that, by analyzing data on cyber DoS and DDoS attacks, a dysfunction of the ubiquitous information society, it generates forensic data and traceback analysis data on the attacker in order to secure a safe Internet information system.