• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.05a
• /
• pp.98-99
• /
• 2023

In the maritime digital forensic part, it is very important and difficult process that analysis of data and information with vessel navigation system's binary log data for situation awareness of maritime accident. In recent years, analysis of vessel's navigation system's trajectory information is an essential element of maritime accident investigation. So, we made an experiment about corruption with various memory device in navigation system. The analysis of corruption test in seawater give us important information about the valid pulling time of sunken ship for acquirement useful trajectory information.

• Anatomy and Cell Biology
• /
• v.56 no.1
• /
• pp.86-93
• /
• 2023

Age at death estimation has always been a crucial yet challenging part of identification process in forensic field. The use of human skeletons have long been explored using the principle of macro and micro-architecture change in correlation with increasing age. The clavicle is recommended as the best candidate for accurate age estimation because of its accessibility, time to maturation and minimal effect from weight. Our study applies pre-trained convolutional neural network in order to achieve the most accurate and cost effective age estimation model using clavicular bone. The total of 988 clavicles of Thai population with known age and sex were radiographed using Kodak 9000 Extra-oral Imaging System. The radiographs then went through preprocessing protocol which include region of interest selection and quality assessment. Additional samples were generated using generative adversarial network. The total clavicular images used in this study were 3,999 which were then separated into training and test set, and the test set were subsequently categorized into 7 age groups. GoogLeNet was modified at two layers and fine tuned the parameters. The highest validation accuracy was 89.02% but the test set achieved only 30% accuracy. Our results show that the use of medial clavicular radiographs has a potential in the field of age at death estimation, thus, further study is recommended.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.5
• /
• pp.1273-1300
• /
• 2024

In the complex virtual environment of cyberspace, comprised of digital and communication networks, ensuring the security of information is being recognized as an ongoing challenge. The importance of 'Cyber Situation Awareness (CSA)' is being emphasized in response to this. CSA is understood as a vital capability to identify, understand, and respond to various cyber threats and is positioned at the heart of cyber security strategies from a defensive perspective. Critical industries such as finance, healthcare, manufacturing, telecommunications, transportation, and energy can be subjected to not just economic and societal losses from cyber threats but, in severe cases, national losses. Consequently, the importance of CSA is being accentuated and research activities are being vigorously undertaken. A systematic five-step approach to CSA is introduced against this backdrop, and a deep analysis of recent research trends, techniques, challenges, and future directions since 2019 is provided. The approach encompasses current situation and identification awareness, the impact of attacks and vulnerability assessment, the evolution of situations and tracking of actor behaviors, root cause and forensic analysis, and future scenarios and threat predictions. Through this survey, readers will be deepened in their understanding of the fundamental importance and practical applications of CSA, and their insights into research and applications in this field will be enhanced. This survey is expected to serve as a useful guide and reference for researchers and experts particularly interested in CSA research and applications.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.69-78
• /
• 2022

As the use of Internet of Things (IoT) devices has expanded, digital forensics coverage of the National Police Agency has expanded to smart home areas. Accordingly, most of the existing studies conducted to acquire smart home platform data were mainly conducted to analyze local data of mobile devices and analyze network perspectives. However, meaningful data for evidence analysis is mainly stored on cloud storage on smart home platforms. Therefore, in this paper, we study how to acquire stored in the cloud in a Hey Home Air environment by extracting accessToken of user accounts through a cookie database of browsers such as Microsoft Edge, Google Chrome, Mozilia Firefox, and Opera, which are recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. In this paper, the it was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, device list used, and motion detection records were collected. Information such as temperature and humidity at the time of the incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of modulation during the data collection process and uses the API method, so it follows the principle of integrity and reproducibility, which are the principles of digital forensics.

• Journal of Arbitration Studies
• /
• v.32 no.4
• /
• pp.53-85
• /
• 2022

Small and medium-sized enterprises ("SMEs") are vulnerable to trade secret misappropriation. Korea's legislation for the protection of SMEs' trade secrets and provision of civil, criminal, and administrative remedies includes the SME Technology Protection Act, the Unfair Competition Prevention Act, the Industrial Technology Protection Act, the Mutually Beneficial Cooperation Act, and the Subcontracting Act. Among these acts, the revised SME Technology Protection Act of 2018 introduced the "administrative technology misappropriation investigation system" to facilitate a rapid resolution of SMEs' technology misappropriation disputes. On September 27, 2021, Korea's Ministry of SMEs announced that it had reached an agreement to resolve the dispute between Hyundai Heavy Industries and Samyeong Machinery through the administrative technology misappropriation investigation system. However, not until 3 years and a few months passed since the introduction of the system could it be used to resolve an SME's technology misappropriation dispute with a large corporation. So there arose a question on the usefulness of the system. Therefore, we conducted a comparative legal analysis of Korea's laws enacted to protect trade secrets of SMEs and to address technology misappropriation, focusing on their legislative purpose, protected subject matter, types of misappropriation, and legal remedies. Then we analyzed the administrative technology misappropriation investigation system and the cases where this system was applied. We developed a proposal to enhance the usefulness of the system. The expert interviews of 4 attorneys who are experienced in the management of the system to check the practical value of the proposal. Our analysis shows that the lack of compulsory investigation and criminal sanctions is the fundamental limitation of the system. We propose revising the SME Technology Protection Act to provide correction orders, criminal sanctions, and compulsory investigation. We also propose training professional workforces to conduct digital forensics, enabling terminated SMEs to utilize the system, and assuring independence and fairness of the mediation and arbitration of the technology misappropriation disputes.

• Imaging Science in Dentistry
• /
• v.36 no.1
• /
• pp.49-54
• /
• 2006

Purpose : To evaluate accuracy and reliability of program to measure facial soft tissue thickness using 3D computed tomographic images by comparing with direct measurement. Materials and Methods : One cadaver was scanned with a Helical CT with 3 mm slice thickness and 3 mm/sec table speed. The acquired data was reconstructed with 1.5 mm reconstruction interval and the images were transferred to a personal computer. The facial soft tissue thickness were measured using a program developed newly in 3D image. For direct measurement, the cadaver was cut with a bone cutter and then a ruler was placed above the cut side. The procedure was followed by taking pictures of the facial soft tissues with a high-resolution digital camera. Then the measurements were done in the photographic images and repeated for ten times. A repeated measure analysis of variance was adopted to compare and analyze the measurements resulting from the two different methods. Comparison according to the areas was analyzed by Mann-Whitney test. Results : There were no statistically significant differences between the direct measurements and those using the 3D images (p>0.05). There were statistical differences in the measurements on 17 points but all the points except 2 points showed a mean difference of 0.5 mm or less. Conclusion : The developed software program to measure the facial soft tissue thickness using 3D images was so accurate that it allows to measure facial soft tissues thickness more easily in forensic science and anthropology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.745-756
• /
• 2020

An ICS(industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by national state. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on the deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed logging capability of 4 PLC(Programmable Logic Controller)s widely used in an ICS area, and checked whether selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.1
• /
• pp.15-22
• /
• 2017

With the advance of Internet Technology, various social network services are created and used by users. Especially, the use of smart devices makes that multimedia contents can be used and distributed on social network services. However, since the crime rate also is increased by users with illegal purposes, there are needs to protect contents and block illegal usage of contents with multimedia forensics. In this paper, we propose a multimedia forensic technique which is identifying the video source. First, the scheme to acquire the sensor pattern noise (SPN) using morphology filtering is presented, which comes from the imperfection of photon detector. Using this scheme, the SPN of reference videos from the reference device is estimated and the SPN of an unknown video is estimated. Then, the similarity between two SPNs is measured to identify whether the unknown video is acquired using the reference device. For the performance analysis of the proposed technique, 30 devices including DSLR camera, compact camera, camcorder, action cam and smart phone are tested and quantitatively analyzed. Based on the results, the proposed technique can achieve the 96% accuracy in identification.

• Journal of Internet of Things and Convergence
• /
• v.9 no.6
• /
• pp.23-28
• /
• 2023

Windows operating system generates various logs with timestamps. Timestamp tampering is an act of anti-forensics in which a suspect manipulates the timestamps of data related to a crime to conceal traces, making it difficult for analysts to reconstruct the situation of the incident. This can delay investigations or lead to the failure of obtaining crucial digital evidence. Therefore, various techniques have been developed to detect timestamp tampering. However, there is a limitation in detection if a suspect is aware of timestamp patterns and manipulates timestamps skillfully or alters system artifacts used in timestamp tampering detection. In this paper, a method is designed to detect changes in timestamps, even if a suspect alters the timestamp of a file on a storage device, it is challenging to do so with precision beyond millisecond order. In the proposed detection method, the first step involves verifying the timestamp of a file suspected of tampering to determine its write time. Subsequently, the confirmed time is compared with the file size recorded within that time, taking into consideration the performance of the storage device. Finally, the total capacity of files written at a specific time is calculated, and this is compared with the maximum input and output performance of the storage device to detect any potential file tampering.