• Journal of Internet Computing and Services
• /
• v.12 no.5
• /
• pp.47-61
• /
• 2011

Recently, the importance of digital forensic has been magnified because of the dramatic increase of cyber crimes and the increasing complexity of the investigation of target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have been improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios which can actually be applicable to each layer. Our suggested model, the Anti-Forensic Activites layer-based model, has 5 layers - the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hardly distinguished from normal activities. So, we use fuzzy logic for handling ambiguous data. We make rule sets with extracted commands and their arguments from pre-defined scenarios and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time when performing live forensic.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.2
• /
• pp.626-643
• /
• 2023

As mobile forensics has emerged as an essential technique, the demand for technology development, education and training is increasing, wherein images are used. Academic societies in South Korea and national institutions in the US and the UK are leading the Mobile Forensic Image development. However, compared with disks, images developed in a mobile environment are few cases and have less active research, causing a waste of time, money, and manpower. Mobile Forensic Images are also difficult to trust owing to insufficient verification processes. Additionally, in South Korea, there are legal issues involving the Telecommunications Business Act and the Act on the Protection and Use of Location Information. Therefore, in this study, we requested a review of a standard model for the development of Mobile Forensic Image from experts and designed an 11-step development model. The steps of the model are as follows: a. setting of design directions, b. scenario design, c. selection of analysis techniques, d. review of legal issues, e. creation of virtual information, f. configuring system settings, g. performing imaging as per scenarios, h. Developing a checklist, i. internal verification, j. external verification, and k. confirmation of validity. Finally, we identified the differences between the mobile and disk environments and discussed the institutional efforts of South Korea. This study will also provide a guideline for the development of professional quality verification and proficiency tests as well as technology and talent-nurturing tools. We propose a method that can be used as a guide to secure pan-national trust in forensic examiners and tools. We expect this study to strengthen the mobile forensics capabilities of forensic examiners and researchers. This research will be used for the verification and evaluation of individuals and institutions, contributing to national security, eventually.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.760-773
• /
• 2020

When a crime occurs, the information necessary for solving the case, and various pieces of the evidence needed to prove the crime are collected from the crime scene. The tangible residues collected through scientific methods at the crime scene become evidence at trial and a clue to prove the facts directly against the offense of the suspect. Therefore, the scientific investigation and forensic handling for securing objective forensic in crime investigation is increasingly important. Today, digital systems, such as smartphones, CCTVs, black boxes, etc. are increasingly used as criminal information investigation clues, and digital forensic is becoming a decisive factor in investigation and trial. However, the systems have the risk that digital forensic may be damaged or manipulated by malicious insiders in the existing centralized management systems based on client/server structure. In this paper, we design and implement a blockchain based digital forensic management model using Hyperledger Fabric and Docker to guarantee the reliability and integrity of digital forensic. The proposed digital evidence management model allows only authorized participants in a distributed environment without a central management agency access the network to share and manage potential crime data. Therefore, it could be relatively safe from malicious internal attackers compared to the existing client/server model.

• Journal of Digital Convergence
• /
• v.13 no.4
• /
• pp.81-87
• /
• 2015

This study will show the digital forensic model which fights against cyber-crimes to prepare various cyber-crimes. The digital forensic model will be more useful about the investigation of cyber-crimes and arresting criminals after researching the uses of the digital forensic model and cyber-crime rates in South Korea. This model conduct the standardized data with various languages by the language support system through the digital forensic analyzer. This model will send the data to law enforcement reviewing whether or not we ought to prove criminal charges. Moreover, law enforcement can access the file system to find out admissibility of evidence. And this model simplifies lawful investigation about additional investigation. The data, which is conducted and saved by the digital forensic system, will be helpful to protect against the future crimes because of the data.

• Analytical Science and Technology
• /
• v.34 no.5
• /
• pp.231-239
• /
• 2021

Detection of fire accelerants from fire residues is critical to determine whether the case was arson or accidental fire. However, to develop a standardized model for determining the presence or absence of fire accelerants was not easy because of high temperature which cause disappearance or combustion of components of fire accelerants. In this study, logistic regression, random forest, and support vector machine models were trained and evaluated from a total of 728 GC-MS analysis data obtained from actual fire residues. Mean classification accuracies of the three models were 63 %, 81 %, and 84 %, respectively, and in particular, mean AU-PR values of the three models were evaluated as 0.68, 0.86, and 0.86, respectively, showing fine performances of random forest and support vector machine models.

• Journal of Welding and Joining
• /
• v.34 no.5
• /
• pp.47-53
• /
• 2016

The aim of this study is to consider effect of weld elastic modulus on simulations of stress concentration and fatigue life for pressure vessel. The investigations include analysis with ADINA and WINLIFE softwares for whole body model about using condition of the boiler vessel. Values of weld elastic modulus were divided by 5 steps in butt weld area of the boiler vessel body. The stress concentration of the butt weld more was increased in case of higher elastic modulus of weld area because of higher difference of material properties between matrix and weld. It was concluded that the fatigue lives were decreased along increasing stress concentration due to high elastic modulus of weld. The matrix microstructure was estimated as pearlitic structure of ${\alpha}$ ferrite and pearlite. And the microstructures of welds along 5 steps of elastic modulus were estimated as bainitic fine pearlite and martensite as increasing elastic modulus.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.16-22
• /
• 2012

In this paper, the forensic marking algorithm is proposed using psychoacoustic model II and MDCT for high-quality audio. The proposed forensic marking method, that inserts the user fingerprinting code of the audio content into the selected sub-band, in which audio signal energy is lower than the spectrum masking level. In the range of the one frame which has 2,048 samples for FFT of original audio signal, the audio forensic marking is processed in 3 sub-bands. According to the average attack of the fingerprinting codes, one frame's SNR is measured on 100% trace ratio of the collusion codes. When the lower strength 0.1 of the inserted fingerprinting code, SNR is 38.44dB. And in case, the added strength 0.5 of white gaussian noise, SNR is 19.09dB. As a result, it confirms that the proposed audio forensic marking algorithm is maintained the marking robustness of the fingerprinting code and the audio high-quality.

• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.1-9
• /
• 2010

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.15-20
• /
• 2017

Cloud computing is a service that to use IT resources (software, storage, server, network) through various equipment in an Internet-enabled environment. Due to convenience, efficiency, and cost reduction, the utilization rate has increased recently. However, Cloud providers have become targets for attack Also, Abuse of cloud service is considered as the top security threat. The existing digital forensic procedures are suitable for investigations on individual terminals. In this paper, we propose a new investigation model by analyzing the vulnerable points that occur when you investigate the cloud environment with the existing digital forensic investigation procedure. The proposed investigation model adds a way to obtain account information, and can apply public cloud and private cloud together. Cloud services are also easily accessible and are likely to destroy digital evidence. Therefore, the investigation model was reinforced by adding an account access blocking step.

• Analytical Science and Technology
• /
• v.27 no.1
• /
• pp.41-59
• /
• 2014

The aims of this work were the identification and the classification of fresh lubricants and used engine oils of vehicles for the application in forensic science field-80 kinds of fresh lubricants were purchased and 86 kinds of used engine oils were sampled from 24 kinds of diesel and gasoline vehicles with different driving conditions. The sample of lubricants and used engine oils were analyzed by GC/MS. The Bayesian model technique was developed for classification or identification. Both the wavelet fitting and the principal component analysis (PCA) techniques as a data dimension reduction were applied. In fresh lubricants classification, the rates of matching by Bayesian model technique with wavelet fitting and PCA were 97.5% and 96.7%, respectively. The Bayesian model technique with wavelet fitting was better to classify lubricants than it with PCA based on dimension reduction. And we selected the Bayesian model technique with wavelet fitting for classification of lubricants. The other experiment was the analysis of used engine oils which were collected from vehicles with the several mileage up to 5,000 km after replacing engine oil. The eighty six kinds of used engine oil sample with the mileage were collected. In vehicle classification (total 24 classes), the rate of matching by Bayesian model with wavelet fitting was 86.4%. However, in the vehicle's fuel type classification (whether it is gasoline vehicle or diesel vehicle, only total 2 classes), the rate of matching was 99.6%. In the used engine oil brands classification (total 6 classes), the rate of matching was 97.3%.