• Title/Summary/Keyword: Forensics


Pentesting-Based Proactive Cloud Infringement Incident Response Framework (모의해킹 기반 사전 예방적 클라우드 침해 사고 대응 프레임워크)

  • Hyeon No;Ji-won Ock;Seong-min Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.487-498 / 2023
  • Security incidents using vulnerabilities in cloud services occur, but it is difficult to collect and analyze traces of incidents in cloud environments with complex and diverse service models. As a result, the importance of cloud forensics research has emerged, and infringement response scenarios must be designed from the perspective of cloud service users (CSUs) and cloud service providers (CSPs) based on representative security threat cases in the public cloud service model. This simulated hacking-based proactive cloud infringement response framework can be used to respond to the cloud service critical resource attack process from the viewpoint of vulnerability detection before cyberattacks occur on the cloud, and can also be expected for data acquisition. Therefore, in this paper, we propose a framework for preventive cloud infringement based on simulated hacking by analyzing and utilizing Cloudfox, a cloud penetration test tool.

Windows Artifacts Analysis for Collecting Cryptocurrency Mining Evidence (암호화폐 채굴 증거 수집을 위한 윈도우 아티팩트 분석 기술 연구)

  • Si-Hyeon Park;Seong-Hun Han;Won-hyung Park
    • Convergence Security Journal / v.22 no.1 / pp.121-127 / 2022
  • Recently, social issues related to cryptocurrency mining have been arising continuously while cryptocurrency prices rise rapidly. In particular, since cryptocurrency can be acquired through cryptographic computation, anyone with a computer can easily attempt mining, and as the asset value of major cryptocurrencies such as Bitcoin and Ethereum increases, public interest is growing. In addition, the number of cases in which individuals who own high-spec computers mine cryptocurrency in various places such as homes and businesses is increasing. Some miners mine at companies or in public places rather than at home because of the heat generated by computers that consume a lot of electrical energy, causing various problems for companies as well as personal ethical problems. Therefore, this study investigates techniques for obtaining evidence of mining attempts from the Windows artifacts of computers that mined cryptocurrency. It is expected that this can be used in internal audits to strengthen corporate security.

Study on The Data Decryption and Artifacts Analysis of KakaoTalk in Windows Environment (윈도우 환경에서 카카오톡 데이터 복호화 및 아티팩트 분석 연구)

  • Minuook Jo;Nam Su Chang
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.1 / pp.51-61 / 2023
  • Messengers such as KakaoTalk, LINE, and Facebook Messenger are universal means of communication used by almost everyone. As the convenience functions provided to users and their usage time increase, so does the user behavior information remaining in the artifacts, which is used as important evidence from the perspective of digital forensic investigation. However, for security reasons, most of this data is currently stored encrypted. In addition, cover-up behaviors such as intentional manipulation, concealment, and deletion are increasing, which delays digital forensic analysis. In this paper, we study data decryption and artifact analysis in a Windows environment for KakaoTalk, the messenger with the largest number of users in Korea. An efficient way of obtaining the decryption key and a method of identifying and decrypting messages that a user attempted to delete are presented, and thumbnail artifacts are analyzed.

Decryption of KakaoTalk Database for macOS (macOS용 카카오톡 데이터베이스 복호화 방안)

  • Beomjun Park;Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.753-760 / 2023
  • KakaoTalk has the highest market share among domestic messengers. As such, KakaoTalk conversation content is important evidence in digital forensics, and conversations are stored as an encrypted database on the user's device. In addition, macOS is difficult to access because its disk encryption function is enabled by default. The decryption method for the KakaoTalk database on Windows has been studied, but no decryption method has been studied for KakaoTalk on macOS. In this paper, we study a decryption method for the KakaoTalk database on macOS, together with a brute-force approach that uses the characteristics of KakaoTalk's UserID, and compare it with KakaoTalk for Windows to examine the commonalities and differences. The results of this paper are expected to be used to analyze users' actions and events when investigating crimes involving macOS.

Particle Analysis of Uranium Bearing Materials Using Ultra High-resolution Isotope Microscope System (초고분해능 동위원소현미경 시스템을 활용한 우라늄 핵종 입자 분석 기술)

  • Jeongmin Kim;Yuyoung Lee;Jung Youn Choi;Haneol Lee;Hyunju Kim
    • Economic and Environmental Geology / v.56 no.5 / pp.557-564 / 2023
  • Nuclear materials such as uranium are used as fuel for nuclear power generation, but there is a high possibility that they will be used for non-peaceful purposes, so international inspections and regulations are conducted. Isotope analysis data from fine particulates obtained at nuclear facilities can provide important information on the origin and enrichment method of nuclear material, so it is widely used in the fields of nuclear safety and nuclear forensics. In this study we describe an analytical method that can directly identify nuclear particles and measure their isotopic ratios in fine samples using a large-geometry secondary ion mass spectrometer, and we introduce its preliminary results. Using the U-200 standard material, the locations of fine particles were identified, and results consistent with the standard value were obtained through microbeam analysis.

Limitations of Analyzing Metadata and File Structure of Audio Files for Legal Evidence: Focusing on Samsung Smartphones (법적 증거 능력을 위한 오디오 파일의 메타데이터 및 파일 구조 분석의 한계: 삼성 스마트폰을 중심으로)

  • Sungwon Baek;Homin Son;Jae Wan Park
    • The Journal of the Convergence on Culture Technology / v.9 no.6 / pp.1103-1109 / 2023
  • Today, as the number of audio files submitted as legal evidence increases with the proliferation of smartphones, the integrity of audio files has become an important issue. Accordingly, the purpose of this study is to explore whether the metadata and file structure of audio files recorded on Samsung smartphones can be manipulated so that they are identical to the original. This study was based on Samsung smartphones, the most widely used in Korea, and conducted experiments on the built-in voice recording app and on the 'Easy Voice Recorder' app, the most popular recording app. The experiments of this study proved that the metadata and file structure of audio files can be manipulated. Therefore, this study reveals that metadata and file structure analysis have limitations in proving integrity when audio files are analyzed for adoption as legal evidence. It also argues for the need to develop new voice file forgery technology that does not rely on metadata and file structure analysis.

A Study on the Crime Investigation of Anonymity-Driven Blockchain Forensics (익명 네트워크 기반 블록체인 범죄 수사방안 연구)

  • Han, Chae-Rim;Kim, Hak-Kyong
    • Convergence Security Journal / v.23 no.5 / pp.45-55 / 2023
  • With the widespread use of digital devices, anonymous communication technologies such as the dark web and deep web are becoming increasingly popular for criminal activity. Because these technologies leave little local data on the device, they are difficult to track using conventional crime investigation techniques. The United States and the United Kingdom have enacted laws and developed systems to address this issue, but South Korea has not yet taken any significant steps. This paper proposes a new blockchain-based crime investigation method that uses physical memory data analysis to track the behavior of anonymous network users. The proposed method minimizes infringement of basic rights by only collecting physical memory data from the device of the suspected user and storing the tracking information on a blockchain, which is tamper-proof and transparent. The paper evaluates the effectiveness of the proposed method using a simulation environment and finds that it can track the behavior of dark website users with a residual rate of 77.2%.

Drone Flight Record Forensic System through DUML Packet Analysis (DUML 패킷 분석을 통한 드론 비행기록 포렌식 시스템)

  • YeoHoon Yoon;Joobeom Yun
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.103-114 / 2024
  • As drone-related crimes continue to rise, research in drone forensics becomes crucial for preventing and responding to incidents involving drones. Forensic analysis of the flight record files stored inside the drone is essential for investigating illegal activities. However, analyzing flight record files generated through the proprietary DUML protocol requires a deep understanding of the protocol's structure and characteristics. In addition, a forensic analysis tool capable of handling encrypted payloads and analyzing various drone models is needed. Therefore, this study presents the methods by which drones generate flight record files and the characteristics of those files. It also explains the structure of the flight record file and the features of the DUML packet. Finally, we conduct forensic analysis based on the presented DUML packet structure and propose an extended forensic analysis system that operates more universally than existing tools, performing expanded syntactic analysis.

Gait-Based Gender Classification Using a Correlation-Based Feature Selection Technique

  • Beom Kwon
    • Journal of the Korea Society of Computer and Information / v.29 no.3 / pp.55-66 / 2024
  • Gender classification techniques have received a lot of attention from researchers because they can be used in various fields such as forensics, surveillance systems, and demographic studies. Since previous studies have shown that there are distinctive differences between male and female gait, various techniques have been proposed to classify gender from three-dimensional (3-D) gait data. However, some of the gait features extracted from 3-D gait data by existing techniques are similar or redundant to each other or do not help in gender classification. In this study, we propose a method to select features that are useful for gender classification using a correlation-based feature selection technique. To demonstrate the effectiveness of the proposed feature selection technique, we compare the performance of gender classification models before and after applying it, using a 3-D gait dataset available on the Internet. Eight machine learning algorithms applicable to binary classification problems were used in the experiments. The experimental results show that the proposed feature selection technique can reduce the number of features by 22, from 82 to 60, while maintaining gender classification performance.

Effect of novel luminol-based blood detection reagents on DNA stability (새로운 루미놀 기반 혈흔 탐지 시약이 디엔에이에 미치는 영향에 대한 연구)

  • Jung, Ju Yeon;Oh, Yu-Li;Lee, Jee Won;Lim, Seung;Kim, Jung-mok;Lee, Yang Han;Lim, Si-Keun
    • Analytical Science and Technology / v.31 no.2 / pp.71-77 / 2018
  • Detection of bloodstains is a very important process in scientific investigations, and luminol is often used to detect bloodstains that are not visible. Recently, new preparation methods for luminol-based blood detection reagents (BloodFlare A and B) were developed and reported to have longer active persistence and to be more economical than the conventional blood detection reagent BlueStar Forensic. In this paper, we tested the specificity of the BloodFlares (A and B) and their effect on DNA, and compared them with those of BlueStar Forensic. False positive results for the BloodFlares were not observed in semen, saliva, vaginal fluid, urine, sweat, or nasal discharge, but were observed in $CuSO_4$, $FeSO_4$, and bleach solutions, and the observed patterns were similar to those of BlueStar Forensic. The effect on DNA was determined by analyzing DNA yield, degradation index, and DNA profiling. Based on these results, we concluded that the luminol-based BloodFlares do not affect DNA stability and are applicable in forensics.