• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.6
• /
• pp.1360-1364
• /
• 2013

Internet phone, communication cost and easy-to-use low-cost compared to the PSTN is a mobile phone of a conventional, and use of the Internet phone is spreading. Construction as part of the broadband convergence network(BCN), Internet service provider(KT, SKT, LGU+) has converted to Internet phone telephone network to all government agencies. In addition, members of the public also have an Internet phone service that you are using. In this paper, we analyze the hacking attack on IP-PBX in the IETF SIP-based that are used in Internet telephony, to the study. The test bed is constructed in the same way as the Internet telephone system to perform studies carried hacking attacks on IP-PBX, analyze the results and to extract evidence forensics. When used in crime by hacking the Internet telephone, we propose a method which can be used as evidence in forensic having legal effect.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.87-94
• /
• 2017

Microsoft Office is an office suite of applications developed by Microsoft. Recently users with malicious intent customize Office files as a container of the Malware because MS Office is most commonly used word processing program. To attack target system, many of malicious office files using a variety of skills and techniques like macro function, hiding shell code inside unused area, etc. And, people usually use two techniques to detect these kinds of malware. These are Signature-based detection and Sandbox. However, there is some limits to what it can afford because of the increasing complexity of malwares. Therefore, this paper propose methods to detect malicious MS office files in Computer forensics' way. We checked Macros and potential problem area with structural analysis of the MS Office file for this purpose.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.11
• /
• pp.101-105
• /
• 2012

Various social problems through violating personal information and privacy are growing with the rapid spread of smartphones. For this reason, variety of researches and technology developments to protect personal information being made. The smartphone, contains almost all of the personal information, can cause data spill at any time. Collecting or analyzing evidence is not an easy job with forensic analyzing tool. Android forensics research has been focused on techniques to collect and analyze data from non-volatile memory but research for volatile data is very slight. Android log is the non-volatile data that can be collected by volatile storage. It is enough to use as a material to track the usage of the Android phone because all of the recent driven records from system to application are stored. In this paper, we propose a method to respond to determining the existence of personal information leakage by filtering logs without forensic analysis tools.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.1
• /
• pp.61-68
• /
• 2015

In recent times, the median filtering (MF) detector as a forensic tool for the recovery of forgery images' processing history has concerned broad interest. For the classification of MF image, MF detector should be designed with smaller feature set and higher detection ratio. This paper presents a novel method for the detection of MF in altered images. It is transformed from BMP to several kinds of MF image by the median window size. The difference distribution values are computed according to the window sizes and then the values construct the feature set same as the MF window size. For the MF detector, the feature set transformed to the model specification which is computed using latent growth modeling (LGM). Through experiments, the test image is classified by the discriminant into two classes: the true positive (TP) and the false negative (FN). It confirms that the proposed algorithm is to be outstanding performance when the minimum distance average is 0.119 in the confusion of TP and FN for the effectivity of classification.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.5
• /
• pp.42-47
• /
• 2017

In the distribution of digital image, the median filtering is used for a forgery. This paper proposed the algorithm of a image forensics detection for the classification of median filtering. For the solution of this grave problem, the feature vector is composed of 42-Dim. The detected quantity 32, 64 and 128 of forgery image edges, respectively, which are processed by the Hough transform, then it extracted from the start-end point coordinates of the Hough Lines. Also, the Hough Peaks of the Angle-Distance plane are extracted. Subsequently, both of the feature vectors are composed of the proposed scheme. The defined 42-Dim. feature vector is trained in SVM (Support Vector Machine) classifier for the MF classification of the forged images. The experimental results of the proposed MF detection algorithm is compared between the 10-Dim. MFR and the 686-Dim. SPAM. It confirmed that the MF forensic classification ratio of the evaluated performance is 99% above with the whole test image types: the unaltered, the average filtering ($3{\times}3$), the JPEG (QF=90 and 70)) compression, the Gaussian filtered ($3{\times}3$ and $5{\times}5$) images, respectively.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.4
• /
• pp.137-148
• /
• 2011

In the past, the domestic research on mobile forensics has been limited to cell phones. Increasing use of smart phones, studies on smart phone forensic will be conducted actively in the future. In particular, the study on Android forensic is very important because Android smart phone market share is increasing rapidly. In this paper, we describe an implementation of an Android smart phone forensic tool based on logical analysis. Compared with Oxygen Forensic Suite 2010, this tool saves time it takes to perform Android smart phone forensic because this tool provides search feature and resource links for extracted media information. So far, no smart phone forensic tool is introduced in Korea. Accordingly, this tool would contribute to the advancement of the technology on smart phone forensic.

• Journal of Advanced Navigation Technology
• /
• v.18 no.1
• /
• pp.50-55
• /
• 2014

Recently, importance of digital forensics has increased and using analysis methods of digital evidence in the analysis of evidence of various types. However, analysis time and effort is steadily increasing because personal disk capacity is too big and it has many number of files. Most digital evidence has time property, such as access time, creation time, and modification time. These time information of digital evidence is one of most important factors in the digital forensic area. But if digital examiner simply analyze based on binary source only, it is possible to have wrong result because time has various types. In this paper, we classify various type of time in the digital evidence and describe advanced analysis method based on timeline chart for digital forensic investigation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.197-200
• /
• 2013

Internet phone, communication cost and easy-to-use low-cost compared to the PSTN is a mobile phone of a conventional, and use of the Internet phone is spreading. Construction as part of the broadband convergence network(BCN), Internet service provider(KT, SKT, LG) has converted to Internet phone telephone network to all government agencies. In addition, members of the public also have an Internet phone service that you are using. In this paper, we analyze the hacking attack on IP-PBX in the IETF SIP-based that are used in Internet telephony, to the study. The test bed is constructed in the same way as the Internet telephone system to perform studies carried hacking attacks on IP-PBX, analyze the results and to extract evidence forensics. When used in crime by hacking the Internet telephone, we propose a method which can be used as evidence in forensic having legal effect.

• Journal of Internet of Things and Convergence
• /
• v.5 no.1
• /
• pp.35-39
• /
• 2019

With the rapid development of the information society, the use of digital devices has increased dramatically and the importance of technology for analyzing them has increased. Digital evidence is stored in many places such as Prefetch, Recent, Registry, and Event Log even if the user has deleted it. Therefore, there is a disadvantage that the forensic analyst can not grasp the files used by the user at the beginning. Therefore, in this paper, we propose a method that the RemoveList folder exists so that the user can grasp the information of the deleted file first, and the information about the deleted file is automatically saved by using AES in RemoveList. Through this, it can be expected that the analyst can alleviate the difficulty of initially grasping the user's PC.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.185-194
• /
• 2007

WiBro has become intentionally standardize as IEEE 802.16e. This WiBro service has been started by a portable internet at home as well as abroad. In this paper, an offender hacker do not direct attack on system on system that It marched an attack directly in damage system because a place oneself in mobile station of portable internet WiBro and avoid to attack hacker's system. At this time, a mobile make use of network inspection policy for back-tracking based on log data. Used network log audit, and presented TCP/IP bases at log bases as used algorithm, the SWT technique that used Thumbprint Algorithm. Timing based Algorithm, TCP Sequence number. Study of this paper applies algorithm to have been progressed more that have a speed to be fast so that is physical logical complexity of configuration of present Internet network supplements a large disadvantage, and confirm an effective back-tracking system. result of research of this paper contribute to realize a back-tracking technique in ubiquitous in WiBro internet network.