• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1333-1335
• /
• 2012

이 연구에서는 전자기록물의 일반적인 특징과 법적 증거능력에 대해서 조사하고 이를 통해 국가기록원을 비롯한 기록보존소에서 관리하는 전자기록들의 증거능력에 대해 고찰하였다. 또한 디지털 증거를 수집 분석하여 법정에 제출하기 위한 분야인 디지털 포렌식(Digital Forensics)에서의 절차 및 기술을 통해 전자기록관리 프로세스에서 전자기록의 증거능력을 확보하기 위한 기초적인 방안을 제시한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.397-402
• /
• 2006

디지털 범죄 수사 능력은 디지털 포렌식 기술 개발 뿐만 아니라 정책적인 수사체계가 얼마나 잘되어 있느냐에 따라 달라진다. 점차 다양화 되고 지능화 되어가는 디지털 범죄를 수사하기 위해서는 디지털 범죄 수사 체계 모델링이 필요하다. 따라서 본고에서는 디지털 범죄의 종류와 그에 적합한 수사 절차를 언급하고, UML(Unified Modeling Language)을 이용하여 디지털 범죄 수사 절차를 체계화하고 모델링하는 방법을 제시하고자 한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.5
• /
• pp.163-172
• /
• 2014

The Scale Invariant Feature Transform (SIFT) has been widely used in a lot of applications for image feature matching. Such a transform allows us to strong matching ability, stability in rotation, and scaling with the variety of different scales. Recently, it has been made one of the most successful algorithms in the research areas of copy-move forgery detections. Though this transform is capable of identifying copy-move forgery, it does not widely address the possibility that counter-forensics operations may be designed and used to hide the evidence of image tampering. In this paper, we propose a targeted counter-forensics method for impeding SIFT-based copy-move forgery detection by applying a semantically admissible distortion in the processing tool. The proposed method allows the attacker to delude a similarity matching process and conceal the traces left by a modification of SIFT keypoints, while maintaining a high fidelity between the processed images and original ones under the semantic constraints. The efficiency of the proposed method is supported by several experiments on the test images with various parameter settings.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.5
• /
• pp.683-688
• /
• 2011

Korea-EU FTA, which came to an agreement in April of 2007, was resolved at the National Assembly in May of 2011, thereby having been concluded the ratification. As for the procedure of opening a market in legal service according to settlement and ratification of Korea-EU FTA, Step 1 is allowed the establishment of representative office(law firm with foreign-law consultation) at home by EU member countries' law firms. Step 2 is made available for law firm with foreign-law consultation to jointly handle and distribute profits as for a case that is mixed the domestic law firm and the domestic & foreign laws. Step 3 is allowed EU member countries' law firm to establish a joint venture with domestic law firm. This study researches into a change and influence upon legal service and forensic investigation according to Korea-EU FTA ratification. Also, it researches into position and prospect that digital forensic evidence, which possesses the majority of legal evidences, takes up in the middle of court-oriented trials. The prediction of influence in digital evidence as professional proof upon judgment will led to being capable of coping with the opening of legal service market and of wisely preparing for the advance to domestic market by law firm of Anglo-American Law.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.87-96
• /
• 2006

In this paper, we examine general digital evidence collection process which is according to RFC3227 document[l], and establish specific steps for memory information collection. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system. Especially, we discovered sensitive data which is like password and userID that exist in the half of pagefiles. Moreover, we suggest each analysis technique and computer forensic process for memory information and virtual memory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.193-201
• /
• 2013

Sharing copyrighted files without copyright holder's permission is illegal. But, a number of illegal file sharers using BitTorrent increase. However, it is difficult to find appropriate digital evidences and legal basis to punish them. And, there are no framework for digital investigation of illegal sharing using BitTorrent. Additionally, role of server in BitTorrent had been reduced than server in conventional P2P. So, It is difficult to apply investigation framework for illegal sharing using conventional P2P to investigation process of illegal sharing using BitTorrent. This paper proposes the methodology about punishing illegal sharer using BitTorrent by suggesting the digital investigation framework.

• 정보보호뉴스
• /
• s.138
• /
• pp.54-57
• /
• 2009

컴퓨터 포렌식은 사고와 관련된 시스템을 조사해 범죄에 이용된 증거를 수집해 입증하는 분야이다. 국내에서는 아직 증거수집에 대한 프로세스가 공개되지 않고 있는데, 그 이유는 일반기업에서 해당 업무를 수행할 권한이 없기 때문이다. 이에 반해 해외의 경우, 해당 프로세스에 대한 'Rfc3227(http://www.ietf.org/rfc/rfc3227.txt)' 지침이 마련돼 있으며, 이것은 IETF(The Internet Engineering Task Force)의 BCP(Best Current Practice)로 등록돼 있는 표준화 절차다. 이는 증거수집 및 보관이라는 업무가 반드시 사법적인 권한을 가지고 수행해야 하는 업무가 아니라, 사고가 발생한 시스템에 대한 원인을 파악하고 재발 방지를 위한 목적을 가지고 있기 때문이다. 위와 같은 목적으로 국내에서는 딱딱한 컴퓨터 포렌식이 아닌 현업에게 활용 가능한 컴퓨터 포렌식에 대해 정리해 보고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.115-127
• /
• 2024

The recent increase in digital audio media has greatly expanded the size and diversity of sound data, which has increased the importance of sound data analysis in the digital forensics process. However, the lack of standardized procedures and guidelines for sound data analysis has caused problems with the consistency and reliability of analysis results. The digital environment includes a wide variety of audio formats and recording conditions, but current audio forensic methodologies do not adequately reflect this diversity. Therefore, this study identifies Life-Cycle-based sound data elemental technologies and provides overall guidelines for sound data analysis so that effective analysis can be performed in all situations. Furthermore, the identified elemental technologies were analyzed for use in the development of digital forensic techniques for sound data. To demonstrate the effectiveness of the life-cycle-based sound data elemental technology identification system presented in this study, a case study on the process of developing an emergency retrieval technology based on sound data is presented. Through this case study, we confirmed that the elemental technologies identified based on the Life-Cycle in the process of developing digital forensic technology for sound data ensure the quality and consistency of data analysis and enable efficient sound data analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.273-277
• /
• 2013

Recently, according with a sudden increase of records produced and stored by digital way, it becomes more important to maintain reliability and authenticity and to ensure legal effect when digital records are collected, preserved and managed. On the basis of domestic legal procedure law and record management-related legislation, this paper considered judicial admissibility of evidence on electronic records managed by National Archives of Korea and drew potential problems when these are submitted to court as a evidence. Also, this paper suggested a plan applying digital forensics technique to electronic records management to ensure admissibility of evidence about electronic records stored in National Archives of Korea.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.75-86
• /
• 2017

Docker, which is one of the various virtualization technology in server systems, is getting popular as it provides more lightweight environment for service operation than existing virtualization technology. It supports easy way of establishment, update, and migration of server environment with the help of image and container concept. As the adoption of docker technology increases, the attack motive for the server for the distribution of docker images and the incident case of attacking docker-based hosts would also increase. Therefore, the method and procedure of digital forensic investigation of docker-based host including the way to extract the filesystem of containers when docker daemon is inactive are presented in this paper.