• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1421-1433
• /
• 2015

For an accurate analysis through the forensic of digital devices and computer, it is a very important validation of the reliability of digital forensic tools. To verify the reliability of the tool, it is necessary to research and development of the data set to be input to the tool. In many-used Windows operating system of the computer, there is a Window forensic artifacts associated with time and system behavior. In this paper, we developed a set of data in the Windows operating system to be able to analyze all of the two Windows artifacts and we conducted a test with published digital forensic tools. Therefore, the developed data set presents the use of the following method. First, artefacts education for growing ability can be analyzed acts standards. Secondly, the purpose of tool tests for verifying the reliability of digital forensics. Lastly, recyclability for new artifact analysis.

• KSCI Review
• /
• v.15 no.1
• /
• pp.209-217
• /
• 2007

Korea's seas have the potentials of dispute against China or Japan due to the overlap of the territorial waters and EEZ. In case of marine accidents, the nature of the sea tends to eliminate much of the track, making it another hardship in evidence adoption in case of an international dispute along with the false entries of fishing vessels' journals. Marine Digital Forensics protects the functions of computers and IT appliance on vessels and extracts evidence of voyage and accidents to resolve international dispute. The digital evidence, if tampered with its integrity, may lead to the rejection to a critical claim or may even fail to make a case. As a solution, this thesis suggests Marine Digital Forensics as a way to extract evidence and prove a claim. This may be utilized as means of scientific investigation on sea as overseas exchange increases and the vessels digitalize, leading to a solution in international disputes that may occur in the future.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.143-151
• /
• 2008

74% of Internet users use the UCC, and You Tube using firearms in a crime occurred. Internet crime occurred in the online, non-face transaction, anonymous, encapsulation. In this paper, we are studied a Network Forensic Way and a technique analyze an aspect criminal the Internet haying appeared at Internet UCC, and to chase. Study ID, IP back-tracking and position chase through corroborative facts collections of the UCC which used UCC search way study of the police and a public prosecutor and storage way and network forensic related to crimes of Internet UCC. Proof data encrypt, and store, and study through approach control and user authentication so that they are adopted to legal proof data through integrity verification after transmission and storages. This research via the Internet and criminal conspiracy to block the advance promotion, and for the criminal investigative agencies of the Internet will contribute to the advancement forensics research.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.315-319
• /
• 2022

Cloud computing has emerged to be the most effective headway for investigating crime especially cybercrime in this modern world. Even as we move towards an information technology-controlled world, it is important to note that when innovations are made, some negative implications also come with it, and an example of this is these criminal activities that involve technology, network devices, and networking that have emerged as a result of web improvements. These criminal activities are the ones that have been termed cybercrime. It is because of these increased criminal activities that organizations have come up with different strategies that they use to counter these crimes, and one of them is carrying out investigations using the cloud environment. A cloud environment has been defined as the use of web-based applications that are used for software installation and data stored in computers. This paper examines problems that are a result of cybercrime investigation in the cloud environment. Through analysis of the two components in play; cybercrime and cloud environment, we will be able to understand what are the problems that are encountered when carrying out investigations in cloud forensics. Through the use of secondary research, this paper found out that most problems are associated with technical and legal channels that are involved in carrying out these investigations. Investigator's mistakes when extracting pieces of evidence form the most crucial problems that take a lead when it comes to cybercrime investigation in the cloud environment. This paper not only flags out the challenges that are associated with cybercrime investigation in cloud environments but also offer recommendations and suggested solutions that can be used to counter the problems in question here. Through a proposed model to perform forensics investigations, this paper discusses new methodologies solutions, and developments for performing cybercrime investigations in the cloud environment.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.21-35
• /
• 2022

The use of digital information according to the development of information and communication technology and the 4th industrial revolution is continuously increasing and diversifying, and in proportion to this, crimes using digital information are also increasing. However, there are few cases of establishing an environment for processing and analysis of digital evidence in Korea. The budget allocated for each organization is different and the digital forensics laboratory built without solving the chronic problem of securing space has a problem in that there is no standard that can be referenced from the initial configuration stage. Based on this awareness of the problem, this thesis conducted an exploratory study focusing on tools and equipment necessary for building a digital forensics laboratory. As a research method, focus group interviews were conducted with 15 experts with extensive practical experience in the digital forensic laboratory or digital forensics field and experts' opinions were collected on the following 9 areas: network configuration, analyst computer, personal tools·equipment, imaging devices, dedicated software, open source software, common tools/equipment, accessories, and other considerations. As a result, a list of tools and equipment for digital forensic laboratories was derived.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.207-215
• /
• 2024

Cloud computing is now used by most companies, business centres and academic institutions to embrace new computer technology. Cloud Service Providers (CSPs) are limited to certain services, missing some of the assets requested by their customers, it means that different clouds need to interconnect to share resources and interoperate between them. The clouds may be interconnected in different characteristics and systems, and the network may be vulnerable to volatility or interference. While information technology and cloud computing are also advancing to accommodate the growing worldwide application, criminals use cyberspace to perform cybercrimes. Cloud services deployment is becoming highly prone to threats and intrusions. The unauthorised access or destruction of records yields significant catastrophic losses to organisations or agencies. Human intervention and Physical devices are not enough for protection and monitoring of cloud services; therefore, there is a need for more efficient design for cyber defence that is adaptable, flexible, robust and able to detect dangerous cybercrime such as a Denial of Service (DOS) and Distributed Denial of Service (DDOS) in heterogeneous cloud computing platforms and make essential real-time decisions for forensic investigation. This paper aims to develop a framework for digital forensic for the detection of cybercrime in a joined heterogeneous cloud setup. We developed a Digital Forensics model in this paper that can function in heterogeneous joint clouds. We used Unified Modeling Language (UML) specifically activity diagram in designing the proposed framework, then for deployment, we used an architectural modelling system in developing a framework. We developed an activity diagram that can accommodate the variability and complexities of the clouds when handling inter-cloud resources.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.31-40
• /
• 2016

In this paper, we propose a new anti-forensic method for hiding data in the timestamp of a file in the Windows NTFS filesystem. The main idea of the proposed method is to utilize the 16 least significant bits of the 64 bits in the timestamps. The 64-bit timestamp format represents a number of 100-nanosecond intervals, which are small enough to appear in less than a second, and are not commonly displayed with full precision in the Windows Explorer window or the file browsers of forensic tools. This allows them to be manipulated for other purposes. Every file has $STANDARD_INFORMATION and $FILE_NAME attributes, and each attribute has four timestamps respectively, so we can use 16 bytes to hide data. Without any changes in an original timestamp of "year-month-day hour:min:sec" format, we intentionally put manipulated data into the 16 least significant bits, making the existence of the hidden data in the timestamps difficult to uncover or detect. We demonstrated the applicability and feasibility of the proposed method with a test case.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2153-2158
• /
• 2016

Multimedia such as image, audio, and video is easy to create and distribute with the advance of IT. Since novice uses them for illegal purposes, multimedia forensics are required to protect contents and block illegal usage. This paper presents a multimedia forensic algorithm for video to identify the device used for acquiring unknown video files. First, the way to calculate a sensor pattern noise using Wiener filter (W-SPN) is presented, which comes from the imperfection of photon detectors against light. Then, the way to identify the device is explained after estimating W-SPNs from the reference device and the unknown video. For the experiment, 30 devices including DSLR, compact camera, smartphone, and camcorder are tested and analyzed quantitatively. Based on the results, the presented algorithm can achieve the 96.0% identification accuracy.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.6
• /
• pp.143-151
• /
• 2014

Recently, as smartphones are widespread, a variety of user's information is created and managed in smartphones. Especially the location information can show the user's position at a specific time and the user's area of interest, which could be very useful during criminal investigation. Although the location information plays an important role in solving the crimes such as serial murder, rape and arson cases, there is a lack of research on location information for digital forensics. In this paper, we analyze the location information from logs, images, and applications on android, and we suggest the integrated model for analyzing location information. The proposed model may be useful in criminal investigation by improving the efficiency of data analysis and providing information about a criminal case.