• Title/Summary/Keyword: Forensic Tools


Forensic Analysis of HEIF Files on Android and Apple Devices (스마트폰에서 촬영된 HEIF 파일 특징 분석에 관한 연구)

  • Kwon, Youngjin; Bang, Sumin; Han, Jaehyeok; Lee, Sangjin
    • KIPS Transactions on Software and Data Engineering, v.10 no.10, pp.421-428, 2021
  • The High Efficiency Image File Format (HEIF) is an MPEG-developed image format that uses the H.265 video codec to store still images in a single container format. The iPhone has used HEIF since 2017, and Android devices such as the Galaxy S10 have also supported the format since 2019. The format offers good compression rates, but its complex internal structure and limited compatibility between devices and software mean it has not replaced the commonly used JPEG (or JPG) format. However, although many devices already use HEIF, digital forensics research on it is lacking. This means investigators risk missing potential evidence because the information contained inside the file is insufficiently understood during digital forensic investigations. Therefore, in this paper, we analyze HEIF photo files taken on the iPhone and motion photo files taken on the Galaxy to identify the information and features contained inside the file. We also investigate whether the software we tested supports HEIF and present the requirements for forensic tools to analyze HEIF.

The Recovery of the Deleted Certificate and the Detection of the Private-Key Encryption Password (삭제된 공인인증서의 복구 및 개인키 암호화 패스워드의 검출)

  • Choi, Youn-Sung; Lee, Young-Gyo; Lee, Yun-Ho; Park, Sang-Joon; Yang, Hyung-Kyu; Kim, Seung-Joo; Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.17 no.1, pp.41-55, 2007
  • The certificate is used to confirm and prove the user's identity in online finance and stock trading. A user's public key is stored in the certificate (e.g., SignCert.der), and the corresponding private key is stored in the private key file (e.g., SignPri.key) after encryption with a password that the user created for security. In this paper, we show that a certificate deleted by the commercial certificate software can be recovered without limitation using commercial forensic tools. In addition, we explain the problem that the private-key encryption password can be detected offline using SignCert.der and SignPri.key, and we propose a countermeasure to the problem.

VMProtect Operation Principle Analysis and Automatic Deobfuscation Implementation (VMProtect 동작원리 분석 및 자동 역난독화 구현)

  • Bang, Cheol-ho; Suk, Jae Hyuk; Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.4, pp.605-616, 2020
  • Obfuscation technology delays the analysis of a program by modifying its internal logic, such as data structures and control flow, while preserving the program's functionality. However, such obfuscation technology is frequently applied to malicious code to reduce the detection rate of malware in antivirus software. Obfuscation technology intended to protect software intellectual property is thus turned around and applied to malicious code, which not only lowers the detection rate of the malicious code but also makes it difficult to analyze and therefore difficult to identify its functionality. Research on deobfuscation techniques that can closely restore the original code should therefore continue. This paper analyzes the characteristics of code obfuscated with the Pack the Output File and Import Protection options among the detailed obfuscation technologies provided by VMProtect 3.4.0, a popular tool among commercial obfuscators, and presents a deobfuscation algorithm.

Comparison of Remaining Data According to Deletion Events on Microsoft SQL Server (Microsoft SQL Server 삭제 이벤트의 데이터 잔존 비교)

  • Shin, Jiho
    • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.2, pp.223-232, 2017
  • Previous research on data recovery in Microsoft SQL Server has focused on restoring data from the transaction log, in which deleted records might still exist. However, this approach was not applicable if the related transaction log did not exist or the physical database file was not attached to the server. Since a suspect at a crime scene may delete data records using deletion statements other than "delete", we need to check the remaining data and the possibility of recovering the deleted records. In this paper, we examined the changes to the table's "Page Allocation information", "Unallocated deleted data", and "Row Offset Array" in the page according to "delete", "truncate" and "drop" events. Finally, we confirmed the possibility of data recovery and the availability of management tools for Microsoft SQL Server digital forensic investigation.

Nonlinear modeling of beam-column joints in forensic analysis of concrete buildings

  • Nirmala Suwal; Serhan Guner
    • Computers and Concrete, v.31 no.5, pp.419-432, 2023
  • Beam-column joints are a critical component of reinforced concrete frame structures. They are responsible for transferring forces between adjoining beams and columns while limiting story drifts and maintaining structural integrity. During severe loading, beam-column joints deform significantly, affecting, and sometimes governing, the overall response of frame structures. While most failure modes for beam and column elements are commonly considered in plastic-hinge-based global frame analyses, the beam-column joint failure modes, such as concrete shear and reinforcement bond slip, are frequently omitted. One reason for this is the dearth of published guidance on what type of hinges to use, how to derive the joint hinge properties, and where to place these hinges. Many beam-column joint models are available in the literature, but their adoption by practicing structural engineers has been limited due to their complex nature and the lack of practical application tools. The objective of this study is to provide a comparative review of the available beam-column joint models and present a practical joint modeling approach for integration into commonly used global frame analysis software. The presented modeling approach uses rotational spring models and is capable of modeling both interior and exterior joints with or without transverse reinforcement. A spreadsheet tool is also developed to execute the mathematical calculations and derive the shear stress-strain and moment-rotation curves ready for input into the global frame analysis. The application of the approach is presented by modeling a beam-column joint specimen which was tested experimentally. Important modeling considerations are also presented to assist practitioners in properly modeling beam-column joints in frame analyses.

Usefulness of Data Mining in Criminal Investigation (데이터 마이닝의 범죄수사 적용 가능성)

  • Kim, Joon-Woo; Sohn, Joong-Kweon; Lee, Sang-Han
    • Journal of Forensic and Investigative Science, v.1 no.2, pp.5-19, 2006
  • Data mining is an information extraction activity that discovers hidden facts contained in databases. Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results. Typical applications include market segmentation, customer profiling, fraud detection, evaluation of retail promotions, and credit risk analysis. Law enforcement agencies deal with mass data to investigate crime, and its amount is increasing as data is processed by computer. We now face a new challenge: discovering knowledge in that data. Data mining can be applied in criminal investigation to find offenders by analyzing complex and relational data structures and free texts, using criminal records or statement texts. This study aimed to evaluate the possible application of data mining, and its limitations, in practical criminal investigation. Clustering of criminal cases will be possible in habitual crimes such as fraud and burglary when data mining is used to identify the crime pattern. Neural network modelling, one of the tools in data mining, can be applied to comparing a suspect's photograph or handwriting with that of a convict, or to criminal profiling. A case study of practical insurance fraud showed that data mining was useful in organized crimes such as gangs, terrorism and money laundering. But the products of data mining in criminal investigation should be evaluated cautiously, because data mining offers only a clue, not a conclusion. Legal regulation is needed to control abuse by law enforcement agencies and to protect personal privacy and human rights.


A Study on the Possibility for Incident Investigation Using PLC Logs (PLC 로그의 사고조사 활용 가능성에 관한 연구)

  • Chang, Yeop; Kim, Taeyeon; Kim, Woo-Nyon
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.4, pp.745-756, 2020
  • An ICS (industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting an ICS can lead to casualties or serious economic losses, it is a prime target of nation-state-sponsored hacker groups. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and they were developed based on deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, investigators also need knowledge of control processes and of incident investigation techniques specialized for ICSs. Because no applicable technology exists, it is especially necessary to develop techniques and tools for embedded controllers located at the cyber-physical boundary. As the first step in this research, we reviewed the logging capability of four PLCs (Programmable Logic Controllers) widely used in the ICS area, and checked whether the selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

Comparison of Optimal Storage Temperature and Collection Reagents for Living Bacterial Cells in Swab Samples (면봉시료에서 세균의 보존을 위한 최적 보관 온도와 채취 시약의 비교)

  • Lee, Yeong Ju; You, Hee Sang; Lee, Song Hee; Lee, So Lip; Lee, Han; Sung, Ho Joong; Kang, Hee Gyoo; Hyun, Sung Hee
    • Korean Journal of Clinical Laboratory Science, v.53 no.4, pp.326-332, 2021
  • Swabs are useful and common sampling tools in various research fields, such as medicine, ecology, biotechnology, forensic medicine, and pollutant monitoring systems. Collection reagents are one of the essential components of sampling. It is important to develop a sample collection kit and designate an appropriate storage temperature, because samples need to be stored for a long time. The purpose of this study was to identify the effects of three collection reagents and three storage temperatures on the recovery of living bacteria without media. We selected Escherichia coli and Staphylococcus aureus as representative environmental bacteria. Distilled water (DW), phosphate buffered saline (PBS), and Tris-EDTA (TE) buffer were used as collection reagents, and samples were stored at 22℃, 4℃, and -70℃ after collection. The results for each collection reagent and storage temperature were compared using relative light units (RLU) and the number of colony forming units (CFU). When using -70℃ storage and the TE buffer, the number of living bacteria and the RLU values remained constant. It is therefore recommended that the sample be stored at -70℃ immediately after collection and that a TE buffer solution be used as the collection reagent.

Recidivism prediction of sex offender risk assessment tools: STATIC-99 and HAGSOR-Dynamic (교정시설내 성범죄자 재범위험성 평가도구의 재범 예측: STATIC-99와 HAGSOR-동적요인을 중심으로)

  • Yoon, Jeongsook
    • Korean Journal of Forensic Psychology, v.13 no.2, pp.99-119, 2022
  • Research on sex offenses has shown that sex offenders are very heterogeneous, including in their probability of recidivism. Some sex offenders are known to have much higher tendencies to reoffend than others. This study examined the predictive and explanatory power of the static and dynamic risk factors in STATIC-99 and HAGSOR-Dynamic, which have been used in Korean correctional facilities since 2014. STATIC-99 and HAGSOR-Dynamic showed moderate predictive accuracy for all crimes (AUC = .737 and AUC = .597, respectively, ps < .001). However, when examining sex crimes alone, only STATIC-99 predicted recidivism significantly (AUC = .743, p < .001). The incremental predictive power of HAGSOR-Dynamic was confirmed: the explanatory power of Model 2, comprising both static and dynamic risk factors, was significant beyond that of Model 1, comprising only static factors (∆χ2 = 12.721, p < .001), but this held only for the model of all crimes. Implications of these findings for the practice of sex offender assessment and treatment are discussed.