• Title/Summary/Keyword: computer forensic

Deriving Priorities of Competences Required for Digital Forensic Experts using AHP (AHP 방법을 활용한 디지털포렌식 전문가 역량의 우선순위 도출)

  • Yun, Haejung;Lee, Seung Yong;Lee, Choong C.
    • The Journal of Society for e-Business Studies / v.22 no.1 / pp.107-122 / 2017
  • Nowadays, digital forensic experts are not only computer experts who restore and find deleted files, but also general experts who possess various capabilities including knowledge about processes/laws, communication skills, and ethics. However, there have been few studies about the qualifications or competencies required of digital forensic experts relative to their importance. Therefore, in this study, AHP questionnaires were distributed to digital forensic experts and analyzed to derive priorities of competencies: the first-tier questions consisted of knowledge, technology, and attitude, and the second-tier ones comprised 20 items. Research findings showed that the most important competency was knowledge, followed by technology and attitude, but no significant difference was found. Among the 20 second-tier competencies, the most important was "digital forensics equipment/tool program utilization skill," followed by "data extraction and imaging skill from storage devices." Attitude items such as "judgment," "morality," "communication skill," and "concentration" followed. The least critical one was "substantial law related to actual cases." Previous studies on training/education for digital forensics experts focused on law, IT knowledge, and usage of analytic tools, while attitude-related competencies have not been given proper attention. We hope this study can provide helpful implications for designing curricula and qualifying exams to foster digital forensic experts.

Agent-based Forensic Computing Management for Protection of Digital (디지털 켄텐츠 보호를 위한 에이전트기반 포렌식 컴퓨팅 관리)

  • Hwang, Chul;Hwang, Dae-Joon
    • Proceedings of the Korean Information Science Society Conference / 2001.04a / pp.856-858 / 2001
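  • Among intellectual property protections, the protection of digital works has been actively studied in recent years, and forensic science encompasses many fields such as fingerprint identification, dental identification, and DNA. Within forensic science, applications of forensic computing are a new research topic. In particular, although much research is under way to preserve evidence concerning digital works, active protection of digital works over the network remains weak. This paper aims to address cases that cannot be solved with current methods such as data extraction, exploitation, recovery, decryption, password defeat, and mirror imaging, and to find the smoking gun in illegal copying carried out online over the Internet. The approach also works offline, and the analysis results are provided online to attorneys/agents, corporations, insurance companies, law enforcement officers, and others. The process is as follows: an agent dispatched from the server with an assigned mission tracks instances of illegal copying of a work and reports them to the server over the network at fixed intervals; the reports are mapped to legal provisions and analyzed, and the results are stored in the server's knowledge base to answer user requests. The result is an active digital-work protection management system.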

Forensic Computing Model for Contents Protection on d-Commerce (디지털 상거래에서 컨텐츠 보호를 위한 법 적용 컴퓨팅 모델)

  • Hwang, Chul;Hwang, Dae-Joon
    • Proceedings of the Korea Information Processing Society Conference / 2001.04a / pp.433-436 / 2001
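  • Among intellectual property protections, the protection of works, which is the most urgent need in digital commerce, has been actively studied in recent years, and forensic science encompasses many fields such as fingerprint identification, dental identification, and DNA. Within forensic science, however, applications of forensic computing are still lacking. In particular, although much research is under way to preserve evidence concerning digital works, active protection of digital works over the network remains weak. This paper aims to address cases that cannot be solved with current methods such as data extraction, exploitation, recovery, decryption, password defeat, and mirror imaging, and to find the smoking gun in illegal copying carried out online over the Internet. The approach also works offline, and the analysis results are provided online to attorneys/agents, corporations, insurance companies, law enforcement officers, and others. The process is as follows: an agent dispatched from the server with an assigned mission tracks instances of illegal copying of a work and reports them to the server over the network at fixed intervals; the reports are mapped to legal provisions and analyzed, and the results are stored in the server's knowledge base to answer user requests. The result is an active digital-work protection management system.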

A Study of Memory Information Collection and Analysis in a view of Digital Forensic in Window System (윈도우 시스템에서 디지털 포렌식 관점의 메모리 정보 수집 및 분석 방법에 관한 고찰)

  • Lee Seok-Hee;Kim Hyun-Sang;Lim JongIn;Lee SangJin
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.1 / pp.87-96 / 2006
  • In this paper, we examine the general digital evidence collection process according to the RFC 3227 document [1], and establish specific steps for memory information collection. In addition, we add a memory dump process to the existing digital evidence collection process, and examine private information by dumping a real user's memory and collecting the pagefile, which is part of the virtual memory system. In particular, we discovered sensitive data such as passwords and user IDs that exist in half of the pagefiles. Moreover, we suggest analysis techniques and a computer forensic process for memory information and virtual memory.

A study on NLP Text Preprocessing for digital forensic investigation (디지털 포렌식 조사를 위한 NLP의 텍스트 전처리 연구)

  • Lee, Sung-won;Kim, Dohyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.189-191 / 2022
  • In modern society, messenger services are necessary for communication with others, and criminals are no exception. In the representative cases of Burning Sun Gate (2018) and NthRoom (2019), messenger data analysis was used as a smoking gun to solve these criminal cases. Therefore, messenger text analytics is critical for the resolution of crimes in a modern environment. Also, it takes a lot of time to analyze messenger data in the digital forensic investigation process, so researchers in text mining need to be more effective to respond to the current situation. In this paper, we study various natural language preprocessing (NLP) methods according to the characteristics of instant messages to effectively proceed with NLP analysis on instant messengers.

Tools for forensic analysis of concrete structures

  • Vecchio, Frank J.;Bentz, Evan C.;Collins, Michael P.
    • Computers and Concrete / v.1 no.1 / pp.1-14 / 2004
  • Computer-based analysis tools for forensic assessment of reinforced concrete structures are presented. The analysis tools, mostly in the form of nonlinear finite element procedures, are based on the concepts and formulations of the Modified Compression Field Theory. Relevant details regarding their formulation are provided. Development of realistic constitutive models and corroboration of the analysis procedures, through comprehensive experimental programs, are discussed. Also presented are graphics-based pre- and post-processors, which are of significant aid in structural modeling, input of data, and interpretation of analysis results. The details and results of a case study, illustrating the application and value of such analytical tools, are also discussed.

An Efficient Method of Forensics Evidence Collection at the Time of Infringement Occurrence (호스트 침해 발생 시점에서의 효율적 Forensics 증거 자료 수집 방안)

  • Choi Yoon-Ho;Park Jong-Ho;Kim Sang-Kon;Kang Yu;Choe Jin-Gi;Moon Ho-Gun;Rhee Myung-Su;Seo Seung-Woo
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.4 / pp.69-81 / 2006
  • Computer forensics is a research area that finds malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. Much research on computer forensics has been done so far, but it has focused on how to collect forensic evidence for both analysis and proof after receiving intrusion or infringement reports for hosts from computer users or network administrators. In this paper, we describe how to collect good-quality forensic evidence from observable and protective hosts at the time of infringement occurrence by malicious users. By periodically correlating the event logs of Intrusion Detection Systems (IDSes) and hosts with the configuration information of hosts, we calculate an infringement severity value that indicates the real infringement possibility of the hosts. Based on this severity value, we selectively collect the evidence for proof at the time of infringement occurrence. As a result, we show that we can minimize the information damage to the evidence for both analysis and proof, and reduce the amount of data used to analyze the degree of infringement severity.

Extraction of Smoking in Elevator Using Average Intensity Measure (평균 명암 측정을 통한 엘리베이터 내의 흡연 추출)

  • Shin, Seong-Yoon;Kim, Hee-Ae;Jang, Dai-Hyun;Lee, Hyun-Chang;Rhee, Yang-Won
    • Proceedings of the Korean Society of Computer Information Conference / 2013.07a / pp.111-113 / 2013
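  • Socially harmful behavior such as smoking or drinking is prohibited inside elevators. Smoking in an elevator is contrary to common decency and can be very harmful to our growing children and to women. The purpose of this paper is to extract people who smoke in an elevator so that the result can be submitted as forensic evidence. The method extracts people who hold a white stick in their mouth or exhale smoke. Extraction uses the average intensity measure method from scene change detection.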

Implementation of Video-Forensic System for Extraction of Violent Scene in Elevator (엘리베이터 내의 폭행 추출을 위한 영상포렌식 시스템 구현)

  • Shin, Kwang-Seong;Shin, Seong-Yoon
    • Journal of the Korea Institute of Information and Communication Engineering / v.18 no.10 / pp.2427-2432 / 2014
  • Color-$\chi^2$ is used as a method for scene change detection. It extracts a violent scene in an elevator and could then be used for real-time surveillance of criminal acts. The scene could also be used to secure after-discovered evidence and to prove analysis processes. Video forensics is defined as research on various methods to efficiently analyze evidence from crime-related visual images in the field of digital forensics. The method that uses color-histogram differences detects the difference values of the RGB color histograms of two frames. Our paper uses the Color-$\chi^2$ histogram, which combines the merits of the color histogram and those of the $\chi^2$ histogram, in order to efficiently extract violent scenes in an elevator. We also apply a threshold to the existing Color-$\chi^2$ histogram to find key frames. To increase the probability of discerning whether a scene is really violent, we make use of statistical judgments with 20 sample visual images.

Digital Forensic Investigation of HBase (HBase에 대한 디지털 포렌식 조사 기법 연구)

  • Park, Aran;Jeong, Doowon;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.95-104 / 2017
  • As smart device technology grows and Social Network Services (SNS) become more common, the amount of data that is difficult to process with existing RDBMSs is increasing. As a result, NoSQL databases are becoming popular as an alternative for processing massive and unstructured data generated in real time. The demand for techniques for the digital investigation of NoSQL databases is increasing as more businesses introduce NoSQL databases into their systems, although research on the digital investigation of databases has centered on RDBMSs. New techniques of digital forensic investigation are needed because a NoSQL database has no schema to normalize and the storage method differs depending on the type of database and the operating environment. Research on document-based NoSQL databases has been done, but it is not applicable as-is to other types of NoSQL database. Therefore, this paper presents the operation and data model, the identification of the operating environment, the collection and analysis of artifacts, and a recovery technique for deleted data in HBase, which is a column-based NoSQL database. The proposed technique of digital forensic investigation of HBase is also verified through an experimental scenario.