• Title/Summary/Keyword: Forensics


A Study on Real IP Traceback and Forensic Data Generation against Bypass Attack (우회적인 공격에 대한 실제 IP 역추적 실시와 포렌식 자료 생성)

  • Youn, Byung-Sun; Yang, Hae-Sool; Kim, Dong-Jhoon
    • Journal of the Korea Society of Computer and Information / v.13 no.1 / pp.143-151 / 2008
  • This paper carries out IP traceback against intruders who use bypass attacks to avoid exposing their real IP address. An IP traceback server and agent module are designed and installed in the Internet network system for real IP traceback. A detection and tracing range is set up around the attacker's connection, attacks are carried out in practice, and the real IP data that is cut off by fatal attacks after the intrusion is detected through the general IP is generated and stored in a DB. Forensic data is then generated in which the real IP is confirmed through the Whois service, ensuring the integrity and reliability needed for early legal proof data about the intruder. Through this study, the paper presents a cyber-crime preventive effect against the dysfunctions of the ubiquitous information society and an effective real IP traceback system, and secures a basis for forensic data generation regarding legal penalties.


An Anti-Forensic Technique for Hiding Data in NTFS Index Record with a Unicode Transformation (유니코드 변환이 적용된 NTFS 인덱스 레코드에 데이터를 숨기기 위한 안티포렌식 기법)

  • Cho, Gyu-Sang
    • Convergence Security Journal / v.15 no.7 / pp.75-84 / 2015
  • In the "NTFS Index Record Data Hiding" method, messages are hidden by using file names. The Windows NTFS file naming convention forbids some ASCII characters in a file name. When inputting Hangul with the Roman alphabet, if characters forbidden in file names or binary data are used, the codes are converted to a designated Unicode point to avoid a file creation error due to unsuitable characters. In this paper, the problem of file creation errors due to non-admissible characters in the file name, which affects the index record data hiding method, is fixed. For Hangul with the Roman alphabet, the characters that cause a file creation error are converted to an arbitrary Unicode point outside the Hangul and Roman alphabet areas. For binary data, all 256 codes are converted to a designated Unicode area except the extended Unicode (surrogate pairs) and ASCII code areas. The results of the two cases, i.e. the Hangul with Roman alphabet case and the binary case, show the applicability of the proposed method.

Digital Imaging Source Identification Using Sensor Pattern Noises (센서 패턴 잡음을 이용한 디지털 영상 획득 장치 판별)

  • Oh, Tae-Woo; Hyun, Dai-Kyung; Kim, Ki-Bom; Lee, Hae-Yeoun
    • KIPS Transactions on Software and Data Engineering / v.4 no.12 / pp.561-570 / 2015
  • With the advance of IT technology, contents from digital multimedia devices and software are widely used and distributed. However, some users exploit them for illegal purposes, so there is a need to protect contents and block illegal usage through multimedia forensics. In this paper, we present a forensic technique for identifying the digital imaging source using sensor pattern noise. First, the way to acquire the sensor pattern noise, which comes from the imperfection of the photon detector's response to light, is presented. Then, the way to measure the similarity of digital imaging sources is explained after estimating the sensor pattern noises from the reference images and the unknown image. For the performance analysis of the proposed technique, 10 devices including a DSLR camera, compact camera, smartphone and camcorder are tested and quantitatively analyzed. Based on the results, the proposed technique achieves 99.6% identification accuracy.

A Study on the International Research Trends in Electronic Records Management: InterPARES 3 and ITrust Achievements (전자기록관리에 대한 국제 연구 동향 분석 - InterPARES 3와 ITrust 성과물을 중심으로 -)

  • Park, Ok nam; Park, Heejin
    • Journal of Korean Society of Archives and Records Management / v.16 no.1 / pp.89-120 / 2016
  • This study aims to understand the concept and changes of the records management of InterPARES based on an analysis of the background, main research interests, and major achievements of IP3 and ITrust. To this end, this study conducted a content analysis of IP3 and ITrust to derive the main keywords. This study also utilized word clouds from IP project titles. In addition, a comparative analysis of IP3 and ITrust was conducted based on the environment, scope, core research areas, keywords, objectives, and record management life cycle perspectives. The research identified that InterPARES research was widely expanding the content and subject areas of the study: 1) to apply across the life cycle, as well as long-term preservation; 2) to focus on the concept of trust as well as the concept of authenticity; and 3) to include the concepts of the Internet, digital forensics, and open government along with electronic records.

The Research on the Recovery Techniques of Deleted Files in the XFS Filesystem (XFS 파일 시스템 내의 삭제된 파일 복구 기법 연구)

  • Ahn, Jae-Hyoung; Park, Jung-Heum; Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.885-896 / 2014
  • Files in computer storage can be deleted due to unexpected failures or accidents. Malicious users also delete data deliberately as an anti-forensic measure. If deleted files are associated with crimes or important business documents, they should be recovered, and a recovery tool is necessary. Recovery methods and tools for filesystems such as NTFS, FAT, and EXT have been actively developed. However, there has been no research on recovering deleted files in the XFS filesystem, which is used in NAS and CCTV systems. In addition, since the current related tools are based on traditional signature detection methods, they have low recovery rates. Therefore, this paper suggests recovery methods for deleted files based on metadata and signature detection in the XFS filesystem, and verifies the results by conducting experiments in a real environment.

Improved Data Concealing and Detecting Methods for OOXML Document (OOXML 문서에 대한 향상된 데이터 은닉 및 탐지 방법)

  • Hong, Kiwon; Cho, Jaehyung; Kim, Soram; Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.489-499 / 2017
  • MS Office is office software that is widely used worldwide. The OOXML format has been applied to the document structure from MS Office 2007 to the newest version. In this regard, data concealing, a representative anti-forensic act, has been researched and developed, so methods for detecting concealed data are very important to digital forensic investigation. In this paper, we present an improved data concealing method that bypasses previous detection methods for OOXML-formatted MS Office documents. In addition, we show concealment of internal data such as sheets and slides for MS Office 2013 Excel and PowerPoint, and suggest an improved detection algorithm against this data concealing.

A Study on Digital Evidence Collection System in Cyberspace (사이버 공간 내 디지털 증거 수집 시스템에 관한 연구)

  • Jeong, Hyojeong; Choi, Jong-hyun; Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.869-878 / 2018
  • Digital evidence data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without the time delay caused by additional administrative procedures, but collection of large data is likewise vulnerable to collection time delays. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, which enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until its submission to court.

Analysis of Encryption and Decryption Processes of Realm Database and Its Application (Realm 데이터베이스 암·복호화 프로세스 및 기반 애플리케이션 분석)

  • Youn, Byungchul; Park, Myungseo; Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.369-378 / 2020
  • Due to the widespread use of mobile devices, smartphone penetration and usage rates continue to increase, and there is also an increasing amount of data that needs to be stored and managed in applications. Therefore, recent applications use mobile databases to store and manage user data. Realm database, developed in 2014, is attracting more attention from developers because of its advantages of continuous updating, high speed, low memory usage, and simplicity and readability of the code. It also supports encryption to provide confidentiality and integrity of personal information stored in the database. However, since the encryption can be used as an anti-forensic technique, it is necessary to analyze the encryption and decryption processes provided by Realm Database. In this paper, we analyze the structure of Realm Database and its encryption and decryption process in detail, and analyze an application that supports encryption to propose use cases of the Realm Database.

Methods for Investigating of Edit History about MS PowerPoint Files That Using the OOXML Formats (OOXML형식을 사용하는 MS 파워포인트 파일에 대한 편집 이력 조사 방법)

  • Youn, Ji-Hye; Park, Jung-Heum; Lee, Sang-Jin
    • The KIPS Transactions: Part C / v.19C no.4 / pp.215-224 / 2012
  • Today, individuals and businesses do a great deal of paperwork through computers, so many documents are created in digital form. These digital files are copied and moved via various media such as USB and e-mail. A careful analysis of these digital materials can track the editing history that occurred during document work. Such research exists for the compound document file format, but the new OOXML format has not been studied regarding how to analyze linkages between different document files, track the internal order, or find unsaved files in order to identify the process by which a file was created. In the future, the use of OOXML-format digital documents will increase further, and the traceability of document work history will be a big help in digital forensic investigation. Therefore, this paper shows, from a forensic viewpoint, how to track the internal order of the new OOXML format and analyze linkages between files.

Effective Domestic e-Discovery Procedures (국내 특성을 반영한 e-Discovery 대응절차)

  • Lee, Shin-Hyung; Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.5 / pp.1171-1183 / 2016
  • Today, many domestic companies face lawsuits from U.S. companies as they expand their business in the U.S. market, and it is necessary for the domestic companies to prepare for the e-Discovery process in a systematic manner. The e-Discovery system has not yet been properly established in Korea; however, domestic companies are taking more and more interest in e-Discovery processes and procedures and are seeking the appropriate actions to take when facing lawsuits. When adopting the e-Discovery system in Korea, there are three main considerations: the differences in laws and regulations, enterprise systems, and language and company culture. This study aims to identify the problems for Korean domestic companies in responding to U.S. lawsuits and to suggest specialized e-Discovery processes and procedures to effectively overcome them.