• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.5
• /
• pp.117-126
• /
• 2016

Recently, increasing utilization of Big Data or Social Network Service involves the increases in demand for NoSQL Database that overcomes the limitations of existing relational database. A forensic examination of Relational Database has steadily researched in terms of Digital Forensics. In contrast, the forensic examination of NoSQL Database is rarely studied. In this paper, We introduce Redis (which is) based on Key-Value Store NoSQL Database, and research the collection and analysis of forensic artifacts then propose recovery method of deleted data. Also we developed a recovery tool, it will be verified our recovery algorithm.

• Journal of Korea Multimedia Society
• /
• v.19 no.1
• /
• pp.30-40
• /
• 2016

Recently, the competition among global IT companies for the market occupancy of the IoT(Internet of Things) is fierce. Internet of Things are all the things and people around the world connected to the Internet, and it is becoming more and more intelligent. In addition, for the purpose of providing users with a customized services to variety of context-awareness, IoT platform and related research have been active area. In this paper, we analyze third party instant messengers of Windows 8 Style UI and propose a digital forensic methodology. And, we are well aware of the Android-based map and navigation applications. What we want to show is GPS information analysis by using the R. In addition, we propose a structured data analysis applying the hierarchical clustering model using GPS data in the digital forensics modules. The proposed model is expected to help support the IOT services and efficient criminal investigation process.

• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.231-234
• /
• 2012

Logging is an important part of any secure computer system. By analyzing logs in computer systems, you can identify early various problems and detect intrusions by attackers. Also logs can use to collect digital evidences in smart devices and to be forensics value for cybercrime investigations. In this paper, we propose a new logging scheme for smart devices and improve it to apply various environments. The proposed scheme satisfies the requirements of logging for smart devices. Thus it will help to develop a better logging in smart devices for digital evidences.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2008.06a
• /
• pp.183-188
• /
• 2008

디지털 포렌식이 활성화 되고 수사에서 활용하는 사례가 증가함에 따라 기업과 개인을 비롯한 범죄혐의자들의 이에 대응하기 위한 기술도 증가하고 있다. 이를 안티포렌식 또는 항포렌식이라고 하는데 이는 디지털 자료의 변조, 파괴, 은닉 등으로 나누어 볼 수 있다. 본 논문에서는 범죄 수사현장에서 필요한 안티포렌식에 대응하는 기술인 위 변조된 데이터 추출 기법, 슬랙 영역의 숨겨진 데이터 추출 기법, 스테카노 그래픽 추출 및 분석 기법, 암호 복호화 기법, 삭제된 데이터 및 파괴된 데이터 복원 기법을 소개하고, 이에 대한 대비책을 제시한다. 본 연구를 통하여 첨단 범죄 수사관들이 안티디지털포렌식에 대한 새로운 디지털 증거의 추출과 분석에 기여하여 컴퓨터 및 첨단 범죄에 대한 디지털 포렌식 기술로 새로운 수사의 방향을 제시 할 수 있을 것이다.

• The Journal of Society for e-Business Studies
• /
• v.22 no.1
• /
• pp.107-122
• /
• 2017

Nowadays, digital forensic experts are not only computer experts who restore and find deleted files, but also general experts who posses various capabilities including knowledge about processes/laws, communication skills, and ethics. However, there have been few studies about qualifications or competencies required for digital forensic experts comparing with their importance. Therefore, in this study, AHP questionnaires were distributed to digital forensic experts and analyzed to derive priorities of competencies; the first-tier questions which consisted of knowledge, technology, and attitude, and the second-tier ones which have 20 items. Research findings showed that the most important competency was knowledge, followed by technology and attitude but no significant difference was found. Among 20 items of the second-tier competencies, the most important competency was "digital forensics equipment/tool program utilization skill" and it was followed by "data extraction and imaging skill from storage devices." Attitude such as "judgment," "morality," "communication skill," "concentration" were subsequently followed. The least critical one was "substantial law related to actual cases." Previous studies on training/education for digital forensics experts focused on law, IT knowledge, and usage of analytic tools while attitude-related competencies have not given proper attention. We hope this study can provide helpful implications to design curriculum and qualifying exam to foster digital forensic experts.

• Convergence Security Journal
• /
• v.8 no.2
• /
• pp.111-118
• /
• 2008

Computer forensics have been used for verify a crime when industry secret information or cyber crime occurred. However, these methods are simple analysis which cannot find the problem of deleted files. Therefore these cannot be a trusty evidence in a law court. We studied with focus on connectivity principle because it has never tried yet. In this paper, we developed optimizing detection model through systemized analysis between user-delete method and operating system-delete method. Detection model has 3 cases; Firstly, case of deleted by a user, secondly, case of deleted by application. Thirdly case of deleted by operating system. Detection model guarantees optimized performance because it is used in actual field.

• Journal of Advanced Navigation Technology
• /
• v.17 no.1
• /
• pp.63-68
• /
• 2013

Recently, companies seek a way to overcome their financial crisis by reducing costs in the field of IT. In such a circumstance, cloud computing is rapidly emerging as an optimal solution to the crisis. Even in a digital forensic investigation, whether users of an investigated system have used a cloud service is a very important factor in selecting additional investigated subjects. When a user has used cloud services, such as Daum Cloud and Google Docs, it is possible to connect to the could service from a remote place by acquiring the user's log-in information. In such a case, evidence data should be collected from the remote place for an efficient digital forensic investigation, and it is needed to conduct research on the collection and analysis of data from various kinds of cloud services. Thus, this study suggested a digital forensic framework considering cloud environments by investigating collection and analysis techniques for each cloud service.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.31-41
• /
• 2012

The law enforcement agencies in the worldwide are confiscating or retaining computer systems involved in a crime/civil case, if there are any, at the preliminary investigation stage, even though the case does not involve a cyber-crime. They are collecting digital evidences from the suspects's systems and using them in the essential investigation procedure. It requires much time, though, to collect, duplicate and analyze disk images in general crime cases, especially in cases in which rapid response must be taken such as kidnapping and murder cases. The enterprise forensics, moreover, it is impossible to acquire and duplicate hard disk drives in mass storage server, database server and cloud environments. Therefore, it is efficient and effective to selectively collect only traces of the behavior of the user activities on operating systems or particular files in focus of triage investigation. On the other hand, if we acquire essential digital evidences from target computer, it is not forensically sound to collect just files. We need to use standard digital evidence container from various sources to prove integrity and probative of evidence. In this article, we describe a new digital evidence container, we called Xebeg, which is easily able to preserve collected digital evidences selectively for using general technology such as XML and PKZIP compression technology, which is satisfied with generality, integrity, unification, scalability and security.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.203-211
• /
• 2021

Image tampering detection and localization have become an active area of research in the field of digital image forensics in recent times. This is due to the widespread of malicious image tampering. This study presents a new method for image tampering detection and localization that combines the advantages of dilated convolution, residual network, and UNET Architecture. Using the UNET architecture as a backbone, we built the proposed network from two kinds of residual units, one for the encoder path and the other for the decoder path. The residual units help to speed up the training process and facilitate information propagation between the lower layers and the higher layers which are often difficult to train. To capture global image tampering artifacts and reduce the computational burden of the proposed method, we enlarge the receptive field size of the convolutional kernels by adopting dilated convolutions in the residual units used in building the proposed network. In contrast to existing deep learning methods, having a large number of layers, many network parameters, and often difficult to train, the proposed method can achieve excellent performance with a fewer number of parameters and less computational cost. To test the performance of the proposed method, we evaluate its performance in the context of four benchmark image forensics datasets. Experimental results show that the proposed method outperforms existing methods and could be potentially used to enhance image tampering detection and localization.