• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.647-659
• /
• 2023

As digital evidence becomes more important in criminal investigations, disputes are increasing in court. As media diversifies and the scope of analysis expands, the level of expertise in digital forensics is also increasing. However, no competency model has been developed to define the capabilities of digital evidence examiners or to judge their expertise. There have been some studies that have derived the capabilities necessary for digital evidence examiner, but they are still insufficient. Therefore, in this study, 25 competency evaluation factors in a total of 9 competency groups were defined using methodologies such as expert FGI and Delphi survey. Specifically, it was defined as Digital Forensics Theory, Digital Evidence Collection&Management, Disk Forensics, Mobile Forensics, Video Forensics, infringement forensics, DB Forensics, Embedded(IoT) Forensics, and Cloud Forensics. The digital evidence examiner competency model is expected to be used in various fields such as recruitment, education and training, and performance evaluation in the future.

• Journal of Advanced Navigation Technology
• /
• v.13 no.5
• /
• pp.639-645
• /
• 2009

It has increased rapidly use of GPS car navigation system in the last few years worldwide. The type of navigation operation is composed of hardware or software. Navigation based on software is stored in exterior storage(e.g. SD card) and executed. One of many navigation software, Mappy, is used most plentifully in Korea. It stores user information such frequently visited place, route and etc. in exterior storage. If it analyzes the dat of navigation, we gain the information such a suspect's movement, route of car. There are important means in a digital forensic perspective because it's available for investigating the crime such kidnapping, murder and etc. This paper provides the necessary information in digital investigation through the analysis of stored data of navigation in a digital forensic perspective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.23-32
• /
• 2010

Caused by the development of IT environment, the frequency of using the embedded machines is increasing in our regular life. A typical example of these embedded machines is a Multi Function Copier and it has various functions; it is used as copier, scanner, fax machine, and file server. We would like to check the existence of and the way to abstract the data that may have been saved through using the scanner of the multi function printer and discuss how to use those data as the evidence.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.525-533
• /
• 2015

MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.2
• /
• pp.31-42
• /
• 2014

Debugger systems are necessary to apply dynamic program analysis when evaluating security properties of embedded system software. It may be possible to make the use of software-based debugger and/or DBI framework if target devices support general purpose operating systems, however, constraints on applicability as well as environmental transparency might be incurred thereby hindering overall analyzability. Analysis with JTAG (IEEE 1149.1) debugging devices can overcome these difficulties in that no change would be involved in terms of internal software environment. In that sense, JTAG API can facilitate to practically perform dynamic program analysis for evaluating security properties of target device software. In this paper, we introduce an implementation of JTAG API to enable analysis of ARM core based embedded systems. The API function set includes the categories of debugger and target device controls: debugging environment and operation. To verify API applicability, we also provide example analysis tool implementations: our JTAG API could be used to build kernel function fuzzing and live memory forensics modules.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1359-1368
• /
• 2021

Steganography is a science of embedding secret data into innocent data and its goal is to conceal the existence of a carrier data. Many research on Steganography has been proposed by various hiding and detection techniques that are based on different algorithms. On the other hand, very few studies have been conducted to analyze the performance of each Steganography software. This paper describes five different Steganography software, each having its own algorithms, and analyzes the difference of each inherent feature. Image quality metrics of Peak Signal to Noise Ratio (PSNR) and Structural SIMilarity (SSIM) are used to define its performance of each Steganography software. We extracted PSNR and SSIM results of a quantitative amount of embedded output images for those five Steganography software. The results will show the optimal steganography software based on the evaluation metrics and ultimately contribute to forensics.