• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.765-767
• /
• 2011

IT 와 비즈니스가 융합화 되고 정보가 디지털화 됨에 따라 그에 대한 저장매체도 점점 더 다양해지고 있다. 그 중 이동성이 편리하고 휴대하기 간편한 스마트폰을 활용하여 개인 정보를 주고 받고 이를 이용한 비즈니스가 현재 활발히 진행되고 있다. 이러한 소셜 네트워크 서비스 이용이 급격히 증가함에 따라 개인 정보 보안에 대한 중요성은 점점 더 강조 되고 있는 실정이다. 본 연구에서 제안하는 디지털 포렌식 분석 방법을 이용하면 스마트폰에서 지원하는 서비스 형태에 따라 텍스트, 이미지, 동영상 등의 개인 정보를 수집 및 분석이 가능하다. 또한 디지털 포렌식의 관점에 따라 스마트폰 에서 사용되고 있는 애플리케이션의 로그 정보를 수집 및 분석함으로써 스마트폰의 저장 장치에 남겨진 기록들을 훼손 없이 그대로 보존시키고 디지털 증거 자료로 활용이 가능해 사이버 범죄에 대한 신속한 해결이 가능하다.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.12
• /
• pp.561-570
• /
• 2015

With the advance of IT technology, contents from digital multimedia devices and softwares are widely used and distributed. However, novice uses them for illegal purpose and hence there are needs for protecting contents and blocking illegal usage through multimedia forensics. In this paper, we present a forensic technique for identifying digital imaging source using sensor pattern noise. First, the way to acquire the sensor pattern noise which comes from the imperfection of photon detector against light is presented. Then, the way to identify the similarity of digital imaging sources is explained after estimating the sensor pattern noises from the reference images and the unknown image. For the performance analysis of the proposed technique, 10 devices including DSLR camera, compact camera, smartphone and camcorder are tested and quantitatively analyzed. Based on the results, the proposed technique can achieve the 99.6% identification accuracy.

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.39-54
• /
• 2018

Recently, discussions for the eradication of illegal shooting have been carried out in a socially-oriented way. The government has established comprehensive measures to eradicate cyber sexual violence crimes such as illegal shooting. Although the social interest in illegal shooting has increased, the illegal film shooting case is evolving more and more due to the development of information and communication technology. Applications that can hide confused videos are constantly circulating around the market and community sites. As a result, field investigators and professional analysts are experiencing difficulties in collecting and analyzing evidence. In this paper, we propose an evidence collection and analysis framework for illegal shooting cases in order to give practical help to illegal shooting investigation. We also proposed a system that can detect hidden applications, which is one of the main obstacles in evidence collection and analysis. We developed a detection tool to evaluate the effectiveness of the proposed system and confirmed the feasibility and scalability of the system through experiments using commercially available concealed apps.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.521-524
• /
• 2021

HEIF (High Efficiency File Format)는 MPEG에서 개발된 이미지 포맷으로써, 비디오 코덱인 H.265를 활용하여 정지된 화면을 하나의 이미지 형태로 저장할 수 있도록 개발된 컨테이너이다. 아이폰은 2017년부터 HEIF를 사용하고 있으며, 2019년부터는 갤럭시 S10과 같은 안드로이드 기기도 해당 포맷을 지원하고 있다. 이 포맷은 우수한 압축률을 가지도록 이미지를 제공할 수 있으나, 복잡한 내부 구조를 가지고 있으며 기기나 소프트웨어 간 호환성이 현저하게 부족하여 일반적으로 사용되는 JPEG(또는 JPG) 파일을 대체하기에는 아직 대중적이지 못한 상황이다. 하지만 이미 많은 기기에서 HEIF를 사용하고 있음에도 불구하고 디지털 포렌식 연구는 부족한 상황이다. 이는 디지털 포렌식 조사 과정에서 파일 내부에 포함된 정보의 파악이 미흡하여 잠재적인 증거를 놓칠 수 있는 위험에 노출될 수 있다. 따라서 본 논문에서는 아이폰에서 촬영된 HEIF 형식의 사진 파일과 갤럭시에서 촬영된 모션 포토 파일을 분석하여 파일 내부에 포함된 정보와 특징들을 알아본다. 또한 이미지 뷰어기능을 지원하는 소프트웨어를 대상으로 HEIF에 대한 지원 여부를 조사하고 HEIF 뷰어를 분석하는 포렌식 도구의 요구사항을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.893-906
• /
• 2023

Awareness that smartphones can be used as tools for criminal activity is prevalent in many organizations, but the functionally smartphone-like smartwatch's potential as a criminal tool is being overlooked. Considering this situation, this research verifies the possibility of information leakage through an insider's smartwatch in a situation where smartphones are controlled by security regulations and technologies, but smart watch are not. By analyzing information related application usage and Wi-Fi connection generated in the smartwatch during the verification process, forensic information and limitations are identified. Finally, this research proposes preventive methods to prepare for potential smartwatch-related crimes, and reconsiders awareness of the possibility of using smartwatches as criminal tools.

• Phonetics and Speech Sciences
• /
• v.14 no.3
• /
• pp.103-112
• /
• 2022

Due to the popularization of smartphones, most of the recorded speech files submitted as evidence of recent crimes are produced by smartphones, and the integrity (forgery) of the submitted speech files based on smartphones is emerging as a major issue in the investigation and trial process. Samsung smartphones with the highest domestic market share are distributed with built-in speech recording applications that can record calls and voice, and can edit recorded speech. Unlike editing through third-party speech (audio) applications, editing by their own builtin speech applications has a high similarity to the original file in metadata structures and attributes, so more precise analysis techniques need to prove integrity. In this study, we constructed a speech file metadata database for speech files (original files) recorded by 34 Samsung smartphones and edited speech files edited by their built-in speech recording applications. We analyzed by comparing the metadata structures and attributes of the original files to their edited ones. As a result, we found significant metadata differences between the original speech files and the edited ones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.369-378
• /
• 2020

Due to the widespread use of mobile devices, smartphone penetration and usage rate continue to increase and there is also an increasing amount of data that need to be stored and managed in applications. Therefore, recent applications use mobile databases to store and manage user data. Realm database, developed in 2014, is attracting more attention from developers because of advantages of continuous updating, high speed, low memory usage, simplicity and readability of the code. It also supports an encryption to provide confidentiality and integrity of personal information stored in the database. However, since the encryption can be used as an anti-forensic technique, it is necessary to analyze the encryption and decryption processes provided by Realm Database. In this paper, we analyze the structure of Realm Database and its encryption and decryption process in detail, and analyze an application that supports an encryption to propose the use cases of the Realm Database.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.405-415
• /
• 2020

With the increase in smartphone user, mobile forensics has become an essential element in modern digital forensic investigation. Mobile messenger data is very important data in mobile forensics because it can acquire information such as user's life pattern and mental state. In order to analyze messenger data, a decryption technique of an encrypted messenger data is required. Since most messengers provide a message deleting function, a technique for recovering deleted messages is required. WeChat Messenger, a messenger used by about 1 billion people around the world, uses IMEI (International Mobile Equipment Identity) information to encrypt data and provides message deletion function. In this paper, we propose a data decryption method in the absence of IMEI information and propose a method for recovering deleted messages using FTS (Full Text Search) database created for full-text search function of SQLite database.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.285-294
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.345-352
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.