• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.12
• /
• pp.1662-1669
• /
• 2020

Google cloud includes data uploaded and synchronized by users, as well as synchronization history of all cloud services, users' smartphone usage, and location information. Therefore, Google cloud data can be useful for digital forensics from a user behavior analysis perspective. Through this paper, we have identified the types of cloud data that can be acquired using Google's Takeout service and developed a tool that can be usefully utilized in digital forensics research and investigation by screening and analyzing the data required for analyzing user behavior. Because Google cloud data is synchronized through Google accounts regardless of the type of computing device, Google service data used on various devices such as PCs, smartphones, and tablet PCs can be acquired through Google accounts without the device. Therefore, the results of this paper's research are expected to be very useful for digital forensics research and investigation in the current situation.

• Journal of Internet Computing and Services
• /
• v.23 no.2
• /
• pp.61-70
• /
• 2022

General users who use smartphone apps often use the Vault app to protect personal information such as photos and videos owned by individuals. However, there are increasing cases of criminals using the Vault app function for anti-forensic purposes to hide illegal videos. These apps are one of the apps registered on Google Play. This paper proposes a methodology for extracting feature points through XML-based keyword frequency analysis to explore Vault apps used by criminals, and text mining techniques are applied to extract feature points. In this paper, XML syntax was compared and analyzed using strings.xml files included in the app for 15 hidden Vault anti-forensics apps and non-hidden Vault apps, respectively. In hidden Vault anti-forensics apps, more hidden-related words are found at a higher frequency in the first and second rounds of terminology processing. Unlike most conventional methods of static analysis of APK files from an engineering point of view, this paper is meaningful in that it approached from a humanities and sociological point of view to find a feature of classifying anti-forensics apps. In conclusion, applying text mining techniques through XML parsing can be used as basic data for exploring hidden Vault anti-forensics apps.

• The Journal of the Convergence on Culture Technology
• /
• v.8 no.6
• /
• pp.807-812
• /
• 2022

Recently, as the number of voice recording files submitted as court evidence increases, the number of cases claiming forgery is also increasing. If the audio recording file structure and metadata, which are objective grounds, are completely forged, it is actually impossible to detect forgery of the sophisticated audio recording file. It is extremely rare for the court to reject the file structure and metadata analysis performed with the forged audio recording file. The purpose of this study is to prove that forgery of voice recording file structure and metadata is easily possible. To this end, in this study, it was introduced that forgery detection is impossible when the 'mixed paste' function, which enables sophisticated editing based on the typification of the editing method of voice recording files, is applied. Moreover, it has been proven through experiments that forgery of file structure and metadata is possible. Therefore, a stricter standard for judging the admissibility of evidence is required when the audio recording file is adopted as digital evidence. This study will not only contribute to the standard of integrity in the adoption of digital evidence by judges, but will also contribute to the method of constructing a dataset for artificial intelligence in detecting forgery of recorded files that is expected to be developed in the future.