• Title/Summary/Keyword: Memory forensics

Search Result 32, Processing Time 0.018 seconds

The Trace Analysis of SaaS from a Client's Perspective (클라이언트관점의 SaaS 사용 흔적 분석)

  • Kang, Sung-Lim;Park, Jung-Heum;Lee, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.19C no.1
    • /
    • pp.1-8
    • /
    • 2012
  • Recently, due to the development of broadband, there is a significant increase in utilizing on-demand Saas (Software as a Service) which takes advantage of the technology. Nevertheless, the academic and practical levels of digital forensics have not yet been established in cloud computing environment. In addition, the data of user behavior is not likely to be stored on the local system. The relevant data may be stored across the various remote servers. Therefore, the investigators may encounter some problems in performing digital forensics in cloud computing environment. it is important to analysis History files, Cookie files, Temporary Internet Files, physical memory, etc. in a viewpoint of client, since the SaaS basically uses the web to connects the internet service. In this paper, we propose the method that analysis the usuage trace of the Saas which is the one of the most popular cloud computing services.

CAB: Classifying Arrhythmias based on Imbalanced Sensor Data

  • Wang, Yilin;Sun, Le;Subramani, Sudha
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.7
    • /
    • pp.2304-2320
    • /
    • 2021
  • Intelligently detecting anomalies in health sensor data streams (e.g., Electrocardiogram, ECG) can improve the development of E-health industry. The physiological signals of patients are collected through sensors. Timely diagnosis and treatment save medical resources, promote physical health, and reduce complications. However, it is difficult to automatically classify the ECG data, as the features of ECGs are difficult to extract. And the volume of labeled ECG data is limited, which affects the classification performance. In this paper, we propose a Generative Adversarial Network (GAN)-based deep learning framework (called CAB) for heart arrhythmia classification. CAB focuses on improving the detection accuracy based on a small number of labeled samples. It is trained based on the class-imbalance ECG data. Augmenting ECG data by a GAN model eliminates the impact of data scarcity. After data augmentation, CAB classifies the ECG data by using a Bidirectional Long Short Term Memory Recurrent Neural Network (Bi-LSTM). Experiment results show a better performance of CAB compared with state-of-the-art methods. The overall classification accuracy of CAB is 99.71%. The F1-scores of classifying Normal beats (N), Supraventricular ectopic beats (S), Ventricular ectopic beats (V), Fusion beats (F) and Unclassifiable beats (Q) heartbeats are 99.86%, 97.66%, 99.05%, 98.57% and 99.88%, respectively. Unclassifiable beats (Q) heartbeats are 99.86%, 97.66%, 99.05%, 98.57% and 99.88%, respectively.

Carving deleted voice data in mobile (삭제된 휴대폰 음성 데이터 복원 방법론)

  • Kim, Sang-Dae;Byun, Keun-Duck;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.57-65
    • /
    • 2012
  • People leave voicemails or record phone conversations in their daily cell phone use. Sometimes important voice data is deleted by the user accidently, or purposely to cover up criminal activity. In these cases, deleted voice data must be able to be recovered for forensics, since the voice data can be used as evidence in a criminal case. Because cell phones store data that is easily fragmented in flash memory, voice data recovery is very difficult. However, if there are identifiable patterns for the deleted voice data, we can recover a significant amount of it by researching images of it. There are several types of voice data, such as QCP, AMR, MP4, etc.. This study researches the data recovery solutions for EVRC codec and AMR codec in QCP file, Qualcumm's voice data format in cell phone.

A Study on the Crime Investigation of Anonymity-Driven Blockchain Forensics (익명 네트워크 기반 블록체인 범죄 수사방안 연구)

  • Han, Chae-Rim;Kim, Hak-Kyong
    • Convergence Security Journal
    • /
    • v.23 no.5
    • /
    • pp.45-55
    • /
    • 2023
  • With the widespread use of digital devices, anonymous communication technologies such as the dark web and deep web are becoming increasingly popular for criminal activity. Because these technologies leave little local data on the device, they are difficult to track using conventional crime investigation techniques. The United States and the United Kingdom have enacted laws and developed systems to address this issue, but South Korea has not yet taken any significant steps. This paper proposes a new blockchain-based crime investigation method that uses physical memory data analysis to track the behavior of anonymous network users. The proposed method minimizes infringement of basic rights by only collecting physical memory data from the device of the suspected user and storing the tracking information on a blockchain, which is tamper-proof and transparent. The paper evaluates the effectiveness of the proposed method using a simulation environment and finds that it can track the behavior of dark website users with a residual rate of 77.2%.

On the Availability of Anti-Forensic Tools for Android Smartphones (안드로이드 스마트폰을 위한 앤티-포렌식 도구들의 활용성)

  • Moon, Phil-Joo
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.8 no.6
    • /
    • pp.855-861
    • /
    • 2013
  • Smartphone is very useful for use in the real life through the improvement of computing power, faster data rate and the variety of applications. On the other hand, using the smartphone has been exposed to a lot of crime. Also, it occurs attempting to delete a data of smartphone memory by anti-forensic tools. In this paper, we investigate and analyze the anti-forensic tools used in the Android smartphone to study the characteristics and techniques of anti-forensic tools. In addition, experiments are performed to validate the availability of anti-forensic tools by the Oxygen Forensic Suite that is a commercial forensic tool.

Design and Forensic Analysis of a Zero Trust Model for Amazon S3 (Amazon S3 제로 트러스트 모델 설계 및 포렌식 분석)

  • Kyeong-Hyun Cho;Jae-Han Cho;Hyeon-Woo Lee;Jiyeon Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.295-303
    • /
    • 2023
  • As the cloud computing market grows, a variety of cloud services are now reliably delivered. Administrative agencies and public institutions of South Korea are transferring all their information systems to cloud systems. It is essential to develop security solutions in advance in order to safely operate cloud services, as protecting cloud services from misuse and malicious access by insiders and outsiders over the Internet is challenging. In this paper, we propose a zero trust model for cloud storage services that store sensitive data. We then verify the effectiveness of the proposed model by operating a cloud storage service. Memory, web, and network forensics are also performed to track access and usage of cloud users depending on the adoption of the zero trust model. As a cloud storage service, we use Amazon S3(Simple Storage Service) and deploy zero trust techniques such as access control lists and key management systems. In order to consider the different types of access to S3, furthermore, we generate service requests inside and outside AWS(Amazon Web Services) and then analyze the results of the zero trust techniques depending on the location of the service request.

Android Log Cat Systems Research for Privacy (개인정보보호를 위한 안드로이드 로그캣 시스템 연구)

  • Jang, Hae-Sook
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.11
    • /
    • pp.101-105
    • /
    • 2012
  • Various social problems through violating personal information and privacy are growing with the rapid spread of smartphones. For this reason, variety of researches and technology developments to protect personal information being made. The smartphone, contains almost all of the personal information, can cause data spill at any time. Collecting or analyzing evidence is not an easy job with forensic analyzing tool. Android forensics research has been focused on techniques to collect and analyze data from non-volatile memory but research for volatile data is very slight. Android log is the non-volatile data that can be collected by volatile storage. It is enough to use as a material to track the usage of the Android phone because all of the recent driven records from system to application are stored. In this paper, we propose a method to respond to determining the existence of personal information leakage by filtering logs without forensic analysis tools.

Analysis of Encryption and Decryption Processes of Realm Database and Its Application (Realm 데이터베이스 암·복호화 프로세스 및 기반 애플리케이션 분석)

  • Youn, Byungchul;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.3
    • /
    • pp.369-378
    • /
    • 2020
  • Due to the widespread use of mobile devices, smartphone penetration and usage rate continue to increase and there is also an increasing amount of data that need to be stored and managed in applications. Therefore, recent applications use mobile databases to store and manage user data. Realm database, developed in 2014, is attracting more attention from developers because of advantages of continuous updating, high speed, low memory usage, simplicity and readability of the code. It also supports an encryption to provide confidentiality and integrity of personal information stored in the database. However, since the encryption can be used as an anti-forensic technique, it is necessary to analyze the encryption and decryption processes provided by Realm Database. In this paper, we analyze the structure of Realm Database and its encryption and decryption process in detail, and analyze an application that supports an encryption to propose the use cases of the Realm Database.

A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics (디지털 포렌식 관점에서 BIOS 펌웨어 이미지 파일 수집 및 분석에 관한 연구)

  • Jeong, Seung Hoon;Lee, Yun Ho;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.5 no.12
    • /
    • pp.491-498
    • /
    • 2016
  • Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

An Implementation of JTAG API to Perform Dynamic Program Analysis for Embedded Systems (임베디드 시스템 동적 프로그램 분석을 위한 JTAG API 구현)

  • Kim, Hyung Chan;Park, Il Hwan
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.3 no.2
    • /
    • pp.31-42
    • /
    • 2014
  • Debugger systems are necessary to apply dynamic program analysis when evaluating security properties of embedded system software. It may be possible to make the use of software-based debugger and/or DBI framework if target devices support general purpose operating systems, however, constraints on applicability as well as environmental transparency might be incurred thereby hindering overall analyzability. Analysis with JTAG (IEEE 1149.1) debugging devices can overcome these difficulties in that no change would be involved in terms of internal software environment. In that sense, JTAG API can facilitate to practically perform dynamic program analysis for evaluating security properties of target device software. In this paper, we introduce an implementation of JTAG API to enable analysis of ARM core based embedded systems. The API function set includes the categories of debugger and target device controls: debugging environment and operation. To verify API applicability, we also provide example analysis tool implementations: our JTAG API could be used to build kernel function fuzzing and live memory forensics modules.