• Title/Summary/Keyword: Forensic investigation technology


Meta Analysis on Digital Forensics Research Trends for Securing its Admissibility of Digital Evidence (디지털 증거능력 확보 강화를 위한 디지털 포렌식 연구동향 메타분석)

  • Ryu, Bora;Jeon, Minseo;Ji, Juyeon;Lee, Chanwoo;Chang, Hangbae
    • Convergence Security Journal / v.17 no.2 / pp.23-32 / 2017
  • With the development of information and communication technology, various data including digital data have increased exponentially. In a society where such data utilization is generalized, criminal investigation processes and trial processes have also been influenced. However, in comparison with the progress of the technical capability and analytical capability of digital certification which is increasing exponentially, the establishment of the digital forensic related legal system is still in short supply. Therefore, it is necessary to activate balanced research for legal recognition of digital certification. Therefore, in this research, meta analysis was conducted to grasp trends of research related to digital forensics and to provide objective data for research revitalization.

Sequence diversity of Mitochondrial DNA HV1 in Korean population (한국인 집단의 미토콘드리아 DNA HV1 부위에서의 염기서열 다양성)

  • Lim, Si-Keun;Kim, Eung-Su;Kim, Soon-Hee;Park, Ki-Won;Han, Myun-Soo
    • Analytical Science and Technology / v.18 no.4 / pp.362-367 / 2005
  • The human mitochondrial genome (mtDNA) has been an important tool in the field of forensic investigations. Within the entire mtDNA molecule, the non-coding control region, which is approximately 1,100 bp including hypervariable regions I and II (HV1 and HV2), is widely studied because it is highly polymorphic and useful for human identification purposes. In this study, 360 unrelated Koreans were analyzed in HV1. The number of polymorphic sites and genetic lineages were 124 and 210, respectively. The most prevalent substitution was C-T and 75.8% of DNA showed C-T substitution at 16223. There were 20 kinds of polymorphism between 16180 and 16193 including insertion and deletion. The most frequent haplotype was [16223T, 16362C] representing 5%. Approximately 25.9% of DNA showed the same haplotype in at least two samples. The gene diversity was calculated to be 0.996 and the probability of two unrelated persons having the same haplotype was determined to be 0.7%.

A comparative analysis of metadata structures and attributes of Samsung smartphone voice recording files for forensic use (법과학적 활용을 위한 삼성 스마트폰 음성 녹음 파일의 메타데이터 구조 및 속성 비교 분석 연구)

  • Ahn, Seo-Yeong;Ryu, Se-Hui;Kim, Kyung-Wha;Hong, Ki-Hyung
    • Phonetics and Speech Sciences / v.14 no.3 / pp.103-112 / 2022
  • Due to the popularization of smartphones, most of the recorded speech files submitted as evidence of recent crimes are produced by smartphones, and the integrity (forgery) of the submitted speech files based on smartphones is emerging as a major issue in the investigation and trial process. Samsung smartphones with the highest domestic market share are distributed with built-in speech recording applications that can record calls and voice, and can edit recorded speech. Unlike editing through third-party speech (audio) applications, editing by their own built-in speech applications has a high similarity to the original file in metadata structures and attributes, so more precise analysis techniques are needed to prove integrity. In this study, we constructed a speech file metadata database for speech files (original files) recorded by 34 Samsung smartphones and edited speech files edited by their built-in speech recording applications. We analyzed by comparing the metadata structures and attributes of the original files to their edited ones. As a result, we found significant metadata differences between the original speech files and the edited ones.

A Study on the Possibility for Incident Investigation Using PLC Logs (PLC 로그의 사고조사 활용 가능성에 관한 연구)

  • Chang, Yeop;Kim, Taeyeon;Kim, Woo-Nyon
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.745-756 / 2020
  • An ICS (industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by nation states. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed the logging capability of 4 PLCs (Programmable Logic Controllers) widely used in the ICS area, and checked whether the selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

Developing of latent fingerprint on human skin (생체피부에서의 잠재지문 현출)

  • Lee, Hee-Il;Choi, Mi-Jung;Kim, Jai-Hoon;Park, Sung-Woo
    • Analytical Science and Technology / v.21 no.3 / pp.222-228 / 2008
  • On living skin the chances of successfully developing a latent fingerprint are very limited. This is due to the fact that continual perspiration and rapid absorption diffuse into the lipophilic layer on skin. A study was conducted to investigate effective methods of developing latent fingerprints on human skin surfaces and on pig skin resembling a corpse's skin. We used commercial fingerprint powder, black powders, black magnetic powder, fluorescence magnetic powder, cyanoacrylate fuming (CA) and direct lifting methods (lifting paper, glasses and photo glossy paper). Development of fresh fingerprints on living skin was achieved with S-powderblack, CA fuming and CA fuming following S-powder, fluorescence powder. The other powders tend to overwhelm the latent print and the background. However, latent fingerprint residue disappeared with time after deposit on a living surface. In the case of pig skin resembling a corpse's skin, latent fingerprint detection was achieved with CA fuming following S-powder, and a print deposited during 6 hr at 25 °C, 40% relative moisture yielded excellent fingerprints with clear ridge details using 1 min CA fuming. Enhancement of the fingerprint detection image using a forensic light source was also achieved.

Evaluation of two DNA extraction methods on exhumed bone samples: Ultrafiltration versus column affinity (유골에서 DNA 추출법 비교 연구: Ultrafiltration과 Column affinity)

  • Kim, Soonhee;Hong, Seungbeom;Kemp, Brian M.;Park, Kiwon;Han, Myunsoo
    • Analytical Science and Technology / v.21 no.4 / pp.338-343 / 2008
  • Extraction of DNA from skeletal material is of great importance in the identification of human remains, but is particularly difficult because a high amount of microbial DNA is often co-extracted with human bone DNA. We found that a phenol/chloroform extraction, followed by ultrafiltration and cleanup via the QIAquick® PCR purification kit, yields higher amounts of human genomic DNA compared with extraction by the column affinity method alone. Ultrafiltration extraction of human DNA from ten exhumed bone samples yielded 0.041-1.120 ng/µL DNA (mean = 0.498 ng/µL DNA), and purification using the column affinity resulted in 0.016-0.064 ng/µL DNA (mean = 0.034 ng/µL DNA). Although the STR genotyping by the column affinity method was partially successful, all DNA samples by the ultrafiltration method produced full profiles from the multiplex PCR. The efficiency of STR genotyping was in accordance with the amounts of the human DNA extracted.

Study on Remote Data Acquisition Methods Using OAuth Protocol of Android Operating System (안드로이드 환경의 OAuth 프로토콜을 이용한 원격지 데이터 수집 방법 연구)

  • Nam, Gi-hoon;Gong, Seong-hyeon;Seok, Byoung-jin;Lee, Changhoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.111-122 / 2018
  • Using the OAuth protocol, third-party applications on the Android operating system use the user's credentials or access tokens that have access authority on the user's resources to obtain the user's account and personal information from account information providers. These credentials and token information are stored in the device by the OAuth data management method provided by the Android operating system. If this information is leaked, the attacker can use the leaked credential and token data to get the user's personal data without login. This feature enables the digital forensic investigator to collect data directly from the remote server of the services used by the target of investigation in terms of collecting evidence data. Evidence data collected at a remote location can be a basis for secondary warranties and provide evidence that can be very important when an attacker attempts to destroy evidence, such as by removing an application from an Android device. In this paper, we analyze the management status of OAuth tokens in various Android operating system and device environments, and show how to collect data of various third-party applications using it. This paper introduces a method of expanding the scope of data acquisition by collecting remote data of the services used by the subject of investigation from the viewpoint of digital forensics.

The Expression and Functional Analysis of Recombinant Alcohol Dehydrogenase (재조합 alcohol dehydrogenase의 발현 및 기능분석)

  • Kong, Kwang-Hoon;Shim, Eun-Jung;Park, Hee-Joong;Kim, Eun-Ho;Cho, Sung-Hye;Park, Sung-Woo;Kim, Young-Mann
    • Analytical Science and Technology / v.12 no.6 / pp.565-570 / 1999
  • The alcohol dehydrogenase (ADH) gene from Bacillus stearothermophilus was amplified by the polymerase chain reaction. The amplified DNA was inserted into the expression vector pGEX-KG, and expressed as a fusion protein with glutathione S-transferase (GST) in E. coli. The recombinant ADH was produced by induction with 1 mM isopropyl-β-D-thiogalactopyranoside at 37 °C and purified by glutathione affinity chromatography. The recombinant ADH exhibited high substrate specificity for ethanol. The activity of the recombinant ADH proceeded optimally at pH 9.0 and 70 °C. The recombinant ADH was highly stable against high temperature. This thermostable alcohol dehydrogenase can be used for the enzymatic determination of alcohol and for the industrial production of alcohol.


A Study on the Decryption Method for Volume Encryption and Backup Applications (볼륨 암호화 및 백업 응용프로그램에 대한 복호화 방안 연구)

  • Gwui-eun Park;Min-jeong Lee;Soo-jin Kang;Gi-yoon Kim;Jong-sung Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.511-525 / 2023
  • As awareness of personal data protection increases, various Full Disk Encryption (FDE)-based applications are being developed that perform real-time encryption or use virtual drive volumes to protect data on the user's PC. FDE-based applications encrypt and protect the volume containing the user's data. However, as disk encryption technology advances, some users are abusing FDE-based applications to encrypt evidence associated with criminal activities, which creates difficulties in digital forensic investigations. Thus, it is necessary to analyze the encryption process used in FDE-based applications and decrypt the encrypted data. In this paper, we analyze Cryptomator and Norton Ghost, which provide volume encryption and backup functions. We analyze the encrypted data structure and encryption process to classify the main data of each application and identify the encryption algorithm used for data decryption. The encryption algorithms of these applications are recently emerging or customized encryption algorithms, which are analyzed to decrypt data. The user password is essential to generate a data encryption key used for decryption, and a password acquisition method is suggested using the function of each application. This supplemented the limitations of password investigation, and identifies user data by decrypting encrypted data based on the acquired password.

Screening method for amines by derivatization reaction on TLC (TLC 상 유도체화 반응을 이용한 아민 계 화합물의 Screening 방법)

  • Choi, Sung-Woon;Lee, Hye-In;Sung, Nack-Do
    • Analytical Science and Technology / v.26 no.4 / pp.228-234 / 2013
  • Methamphetamine is an amine-containing illegal drug and is distributed unlawfully in South Korea. Finding a rapid, convenient and semi-quantitative determination method for methamphetamine is a very important issue in the area of forensic drug testing. As an effort to develop a new screening method, the reactions between three organic compounds which are structurally similar to methamphetamine and N-(9-fluorenylmethoxycarbonyloxy) succinimide (FMOC-NHS) were performed on silica gel (SiO₂) TLC plates. Three reference compounds were synthesized and used for the identification, comparison and study of the limit of detection (LOD) of the products obtained from a direct reaction on a TLC plate. As a result, FMOC-NHS as a derivatization reagent generated compounds containing highly UV-active functional groups on the TLC plate after reacting with primary and secondary amines. In the experiment 2D the LOD of amines was in the range of 0.045 and 0.01 mg/mL (2 µL/spot), and in 1D the LOD was in the range of 0.002 and 0.007 mg/mL (2 µL/spot). The LODs of the compounds tested were dependent on the concentration of the derivatizing reagent.