• Title/Summary/Keyword: Crime Investigation

A Study of Detecting Malicious Files using Similarity between Machine Code in Deleted File Slices (삭제된 파일 조각에서 기계어 코드 유사도를 이용한 악의적인 파일 탐지에 대한 연구)

  • Lee, Dong-Ju;Lee, Suk-Bong;Kim, Min-Soo
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.6 / pp.81-93 / 2006
  • A file system is an evidence resource of cyber crime in computer forensics. Therefore the methods of recovering the file system and searching important information have been offered. However, the methods for finding a malicious file in free blocks or slack spaces have not been suggested. In this paper, we propose an investigation method to find a maliciously executable fragmented file. After estimating if a file is executable with a machine code rate, we conclude it could be malicious by comparing a similarity of instruction sequences. To examine instruction sequences, we also propose a method of profiling malicious files using file and a method of comparing the continued scores. As a result, we could exactly pick out the malicious execution files, such as buffer overflow attack program, at fitting threshold level.

Cold Boot Attack on Encrypted Containers for Forensic Investigations

  • Twum, Frimpong;Lagoh, Emmanuel Mawuli;Missah, Yaw;Ussiph, Najim;Ahene, Emmanuel
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.9 / pp.3068-3086 / 2022
  • Digital Forensics is gaining popularity in adjudication of criminal cases as use of electronic gadgets in committing crime has risen. Traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM when computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cools the RAM and transplant it into a host computer provisioned with a tool developed based on cold boot concept to acquire the RAM image. Observation of data obtained from the acquired image compared to the data loaded into memory shows the RAM chips exhibit some level of remanence which allows their content to persist after shutdown which is contrary to accepted knowledge that RAM loses its content immediately there is power cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed at a reduced temperature of -25℃, the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively. Whereas at operating temperature of 25℃, there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.

An Effective Counterattack System for the Voice Spam (효과적인 음성스팸 역공격 시스템)

  • Park, Haeryong;Park, Sujeong;Park, Kangil;Jung, Chanwoo;KIM, Jongpyo;Choi, KeunMo;Mo, Yonghun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1267-1277 / 2021
  • The phone number used for advertising messages and voices used as bait in the voice phishing crime access stage is being used to send out a large amount of illegal loan spam, so we want to quickly block it. In this paper, our system is designed to block the usage of the phone number by rapidly restricting the use of the voice spam phone number that conducts illegal loan spam and voice phishing, and at the same time sends continuous calls to the phone number to prevent smooth phone call connection. The proposed system is a representative collaboration model between an illegal spam reporting agency and an investigation agency. As a result of developing the system and applying it in practice, the number of reports of illegal loaned voice spam and text spam decreased by 1/3, respectively. We can prove the effectiveness of this system by confirming that.

Research for the Security Studies in the Universities of U. S. A. (미국 대학 시큐리티 교육내용에 관한 연구 -한국 대학교육과 비교를 중심으로-)

  • Gong, Bae-Wan
    • Convergence Security Journal / v.11 no.2 / pp.35-43 / 2011
  • In the universities of U.S.A., Criminal Justice is the interdisciplinary study of the institutions and policies that constitute the criminal justice system, as well as theories of human behavior and philosophies of justice related to the maintenance of social order, the control of crime, and the achievement of a just society. There are 103 American Universities that have Criminal Justice department and they provide about 180 different courses as a pre-requisition or optional subject in the major. The most 10 courses that those colleges adopted are Introduction to Criminal Justice, Criminal Law, Criminology, Criminal Procedures, Research Methods in Criminal Justice, Criminal Investigation, Juvenile Justice, Terrorism, Ethical Issues in Criminal Justice, Introduction to Psychology or Introduction to Sociology. Also, 10 fields more important in the major if we group together similar courses those are Criminal Justice and Procedures Sequences, Law, Justice and corrections, Theory and Methods Sequences, Homeland Security and Security Operations, Forensics and Cybercrime, Management and Administration, Police, Race and Ethnicity, General Requirements, Other Social Science Fields. The combined degree program leading to Bachelor of Arts Degree in Criminal Justice and Master in Public Administration provides a concentration in criminal justice, management, administration, and leadership. They have big different courses between USA and Korea even though they have similar educative goal and way of approach to the target in the major.

Enabling Environment for Participation in Information Storage Media Export and Digital Evidence Search Process using IPA (정보저장매체 반출 및 디지털 증거탐색 과정에서의 참여권 보장 환경에 대한 중요도-이행도 분석)

  • Yang, Sang Hee;Lee, Choong C.;Yun, Haejung
    • The Journal of Society for e-Business Studies / v.23 no.3 / pp.129-143 / 2018
  • Recently, the use of digital media such as computers and smart devices has been rapidly increasing. The vast and diverse information contained in the warrant of the investigating agency also includes the one irrelevant to the crime. Therefore, when confiscating the information, the basic rights, defense rights and privacy invasion of the person to be seized have been the center of criticism. Although the investigation agency guarantees the right to participate, it does not have specific guidelines, so they are various by the contexts and environments. In this process, the abuse of the participation right is detrimental to the speed and integrity of the investigation, and there is a side effect that the digital evidence might be destroyed by remote initialization. In this study, we conducted surveys of digital evidence analysts across the country based on four domains and thirty measurement items for enabling environment for participation in information storage media export and digital evidence search process. The difference between the level of importance and the performance was analyzed by the IPA matrix based on process, location, people, and technology dimensions. Seven items belonging to "concentrate here" area are one process-related, three location-related, and three people-related items. This study is meaningful to be a basis for establishing the proper policies and strategies for ensuring participation right, as well as for minimizing the side effects.

A preliminary study and its application for the development of the quantitative evaluation method of developed fingerprints on porous surfaces using densitometric image analysis (다공성 표면에서 현출된 지문의 정량적인 평가방법 개발을 위한 농도계 이미지 분석을 이용한 선행연구 및 응용)

  • Cho, Jae-Hyun;Kim, Hyo-Won;Kim, Min-Sun;Choi, Sung-Woon
    • Analytical Science and Technology / v.29 no.3 / pp.142-153 / 2016
  • In crime scene investigation, fingerprint identification is regarded to be one of the most important techniques for personal identification. However, objective and unbiased evaluation methods that would compare the fingerprints with diverse available and developing methods are currently lacking. To develop an objective and quantitative method to improve fingerprint evaluation, a preliminary study was performed to extract useful research information from the analysis with densitometric image analysis (CP Atlas 2.0) and the Automated Fingerprint Identification System (AFIS) for the developed fingerprints on porous surfaces. First, inked fingerprints obtained by varying pressure (kg.f) and pressing time (sec.) to find optimal conditions for obtaining fingerprint samples were analyzed, because they could provide fingerprints of a relatively uniform quality. The extracted number of minutiae from the analysis with AFIS was compared with the calculated areas of friction ridge peaks from the image analysis. Inked fingerprints with a pressing pressure of 1.0 kg.f for 5 seconds provided the most visually clear fingerprints, the highest number of minutiae points, and the largest average area of the peaks of the friction ridge. In addition, the images of the developed latent fingerprints on thermal paper with the iodine fuming method were analyzed. Fingerprinting condition of 1.0 kg.f/5 sec was also found to be optimal when generating highest minutiae number and the largest average area of peaks of ridges. Additionally, when the concentration of ninhydrin solution (0.5 % vs. 5 %) was used to compare the developed latent fingerprints on print paper, the best fingerprinting condition was 2.0 kg.f/5 sec and 5 % of ninhydrin concentration. It was confirmed that the larger the average area of the peaks generated by the image analysis, the higher the number of minutiae points was found. With additional tests for fingerprint evaluation using the densitometric image analysis, this method can prove to be a new quantitative and objective assessment method for fingerprint development.

A Study on Improvement of the investigation procedure for the National Security Violators - Focused on the Rights to Counsel - (안보사범에 대한 수사절차 개선방안 검토 - 피의자 신문시 변호인 참여권 문제를 중심으로 -)

  • Yoon, Hae-Sung;Joo, Seong-Bhin
    • Korean Security Journal / no.46 / pp.113-140 / 2016
  • Right to counsel means a defendant has a right to have the assistance of counsel (i.e., lawyers), and if the defendant cannot afford a lawyer, requires that the government appoint one or pay the defendant's legal expenses. The right to counsel is generally regarded as a constituent of the right to a fair trial. Historically, however, not all countries have always recognized the right to counsel. The right is often included in criminal law and constitutional law etc. First, any person who is arrested or detained shall have the right to prompt assistance of counsel. When a criminal defendant is unable to secure counsel by his own efforts, the State shall assign counsel for the defendant as prescribed by act in article 12(4) of the constitutional law. Second, the defense counsel or a person who desires to be a defense counsel may have an interview with the defendant or the suspect who is placed under physical restraint, deliver or receive any documents or things and have any doctor examine and treat the defendant or the suspect in article 34 of the criminal law. Nonetheless, problems about guarantee of the rights to counsel to the national security violators like spy terrorist and etc will be important for Koreans to consider. That is because national security violators' cases are qualitatively different from general criminal offense's cases and historically, lawyers obstruct an investigation in the process of examination of a suspect for national security violators. Therefore, this study suggests a way of restricting the rights to counsel with an attorney in cases of the national security violators. To this end, in this paper, I touch on restriction of right to counsel during interrogation in the England and Germany etc in comparison to that of Korea and review Korea's Supreme Court decision and Constitution Court decision to understand the prospective and trends for Korean investigation procedure improvement.

The Method of Participatory Government to Introduce the System of Autonomous Police (참여정부의 자치경찰제 도입방안)

  • Jung, Jin-Hwan
    • Korean Security Journal / no.10 / pp.355-385 / 2005
  • As the system of autonomous police that has been debated for long time is fixed to be introduced by the program of participatory government, this treatise intends to analyze main contents and review controversial items in order to present supplementary measures. The program of participatory government to introduce autonomous police in Korea focuses on converting the autonomous police of Korea from centralized police administration in order to provide 'customized security service' that is appropriate to the regional environment. Thus, if relevant city, county or district considers that it is required to introduce the system of autonomous police, the assembly may enforce the decision by enacting ordinance. For enforcement, organization in the unit of section will be established in the line of mayor, county headman and district office. The main role will be security service that is closely related to the life of inhabitants such as crime prevention, patrol, traffic crackdown, etc. as well as public health, sanitation and environmental control which are being performed by autonomous organization at present. However some expected controversial items may be summarized in the following 3 points on the premise of accepting the program of government. First, the point at issue related to the basic function of police. The basic function of police is generally understood as order keeping function such as anterior and preventive job and law enforcing function such as posterior and suppressing job. By the way, the program of government does not endow the autonomous police with investigation right for general crime, thereby raising the controversy that our autonomous police is nothing but the assistant of police. Furthermore, the present national police also expresses its dissatisfaction to the transfer of authority. Second, the issue of balance of security service between self-governing bodies may be raised. The security environment is different between self-governing bodies and thus demand of security is different. Therefore, the security service of autonomous police will reveal difference in qualitative aspect for each self-governing body. Moreover, it can be easily anticipated that the quality of security service may be different as per the financial independence degree. Third, the point at issue anticipated with the operation funded by the budget of self-governing body. As autonomous police is operated by the budget of self-governing body, the following problems may be raised; (1) since police administration is subordinated to general administration, the concentration may be weakened (2) the cooperation between policy agencies may be impeded (3) owing to the difficulty in possessing spare police, the mobility of police may be somewhat reduced.

A Study on the Legislative Conception of Terror of the Advanced European Nations (유럽 선진국의 법제적 테러 개념에 관한 고찰)

  • Kwon, Jeong-Hun;Kim, Tae-Hwan
    • Korean Security Journal / no.15 / pp.29-50 / 2008
  • Many countries throughout the world have enacted laws on terrorism in the light of the changes that time has brought to them, geographical features, cultural values, and environmental elements. Especially some advanced European nations prescribe the definition of terrorism, the purpose of terrorism, the behavior of terrorism, and the types of crimes related to terrorism and so on for the following reason that it is more vital for the authorities concerned to investigate and punish terrorists after the rise of terrorism. In this regard, this paper analyzes legislative countermoves against terrorists of advanced countries such as France, Germany, and England and through this sheds light on the need of future anti-terrorism bills. The legislative basic guidelines directly to manipulate future terrors based on theories derived from this study could be summarized as follows. In the first place, providing laws on direct investigative power and harsher punishment to those involved in terrorism is a prerequisite for social security and thus the presidential directive of the state anti-terrorism action guidelines just deals with administrative measures without any effective response to terrorism. Hence it is urgent to make anti-terrorism bill concerning investigation and punishment of terrorists. In the second place, it is associated with the objectives of terror. The expression "all sorts of" stated in Korean law is so quite unclear that it can not fulfill the required conditions for naming it "crime". Comprehending provisoes of the crime that meets the purpose of the terrorists is necessary in order to investigate and inflict punishment on them. Therefore, it is advisable to establish specific and precise principles such as political, social, ideological, and religious purpose of terrorists in the bill. In the third place, to meet the flow of times of technicalization, informatization, such provisoes as destruction of electronic data system, crimes related to nuclear materials, purchases of weapons by terrorists, tax administration for prohibition of sale, and arson should be considered in terror bill. In the fourth place, nonselective attack toward unspecified individuals has become a serious issue in our society. Terrorists leave poisonous foods or beverages to crowded place or dump toxic chemicals into river intentionally. Therefore more strict regulations must be included in terror bill to prevent possible terrorist attacks.

A Study on the Problems in the Use of CCTV by the Police and Some Proposals (경찰CCTV 운용상의 문제점과 개선방안)

  • Lee, Sang-Won;Lee, Seung-Chal
    • Korean Security Journal / no.10 / pp.215-242 / 2005
  • As CCTV can be an effective tool to prevent or suppress crime at low cost, they have been widespread in developed countries. In spite of their effectiveness, they infringe some constitutional rights such as the right to privacy, the right of likeness and the right to control over personal information. The police and ward offices install CCTV in public areas to prevent crimes without a legal basis or standard. When information obtained in such a way is used as investigation data for the police or as an evidence in a court, it can cause serious trouble. To solve this problem, legal restriction on the installation of CCTV should be clearer. Since current laws on public agencies' protection of personal information are too general, they are not effective enough to protect personal information. Therefore, Personal Information Protection Organic Act should be enacted to make a legal basis for protecting comprehensive personal information. It should be obvious who installs CCTVs, who pays for the cost and how they are managed. Before installation, the police and ward offices should obtain residents' consent through a public hearing or voting (on the range and purpose of installation), or conduct an impact assessment. During installation, CCTVs should be limited to prevent or suppress crimes, keep public order and avoid dangers. In case of making a sign of installation, it must specify its rights. After installation (operation/management phase), they should abide by principles of information protection and try not to infringe constitutional right. In the cognitive aspect, the police should constitutional rights must be secured although it is important to carry out their missions. The police should serve citizens and change to the police of communities. Citizens should understand that constitutional right can be infringed if public order is not maintained. When citizens cooperate with the police, their fear of crimes will decrease.
