• Title/Summary/Keyword: digital forensic investigation

A Study on the Evidence Investigation of Forged/Modulated Time-Stamp at iOS(iPhone, iPad) (iOS(iPhone, iPad)에서의 타임스탬프 위·변조 흔적 조사에 관한 연구)

  • Lee, Sanghyun;Lee, Yunho;Lee, Sangjin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.7 / pp.173-180 / 2016
  • Since smartphones hold a variety of user information, analysis of app data can yield useful case-related data from a digital forensic perspective. However, appropriate forensic measures are required, because smartphones are highly mobile and carry a high risk of data loss, forgery, and modulation. In particular, a forged/modulated time-stamp impairs the credibility of digital evidence and causes confusion during timeline analysis. This paper presents usage traces that can be examined to determine whether a time-stamp has been forged/modulated on iOS-based devices.

A Study on Geodata Trace of Navigation Application in Smart Devices (스마트 기기에 설치된 내비게이션 어플리케이션의 위치 정보 흔적 연구)

  • Yeon, KyuChul;Kim, Moon-Ho;Kim, Dohyun;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.1 / pp.109-115 / 2016
  • Nowadays, smart devices are targets of digital forensic investigation. Among the various smart devices, much information can be obtained from the smartphone, which is continuously powered and used for data communication. This paper deals with the traces left on Android smartphones after using navigation applications with the GPS function. We selected navigation applications (domestic and overseas) with a high number of downloads, analyzed them, and discussed the meaning of the analysis results for digital forensic investigation.

Proposal of AI-based Digital Forensic Evidence Collecting System

  • Jang, Eun-Jin;Shin, Seung-Jung
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.124-129 / 2021
  • As the 4th industrial era is in full swing, the public's interest in related technologies such as artificial intelligence, big data, and blockchain is increasing. As artificial intelligence technology is used in various industrial fields, the need for research methods incorporating artificial intelligence technology in related fields is also increasing. Evidence collection is a very important procedure among digital forensic investigation techniques, because the investigation process needs to prove the suspicions against a specific person. However, evidence may be damaged intentionally or for other physical reasons, and evidence collection is limited in such situations. Therefore, this paper proposes an artificial intelligence-based evidence collection system that analyzes numerous image files reported by citizens in real time so that the location, user information, and shooting time of the image files can be checked visually. When this system is applied, it is expected that the prospective evidence data collected in real time can actually be used as evidence, and that risk area analysis will be possible through big data analysis.

A Study on Extraction of Mobile Forensic Data and Integrity Proof (모바일 포렌식 자료의 추출과 무결성 입증 연구)

  • Kim, Ki-Hwan;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.12 no.6 / pp.177-185 / 2007
  • Lately, with the development of IT, mobile information appliances that perform various functions have become widespread. The mobile phone, one such appliance, makes exchanging information and doing business more convenient and efficient, but it also has adverse effects: it is used for leakage of advanced engineering data, infringement of individual privacy, threats, and so on, and many such problems have appeared. However, for crimes that use mobile phones, statutes are unprepared, and the research and effort needed to prove the deletion, copying, and integrity of digital evidence, so that such easily changed evidence can be secured as objective evidence from an investigative standpoint, are lacking. This field of digital forensics is known as mobile forensics. In this paper, we verify ways of acquiring digital evidence from the mobile phone, the representative device of mobile forensics, and present a way to prove the integrity of digital evidence using a hash function.

A New Investigation Methodology of Marine Casualties and Incidents using Digital Forensic Techniques (디지털 포렌식 기법을 이용한 해양사고 조사 방법론)

  • Baek, Myeong-Hun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.3 / pp.515-530 / 2013
  • The results of investigations into marine incidents have become an important basis in determining not only possible causes, but also the extent of negligence between the perpetrator and victim. However, marine incidents occur under special circumstances i.e. the marine environment, and this leads to difficulties in identifying causes due to problems in scene preservation, reenactment and acquisition of witnesses. Given the aforementioned characteristic of marine incidents, the International Convention for the Safety of Life at Sea (SOLAS) has adopted mandatory regulations on the carriage of Voyage Data Recorders (VDRs) and Automatic Identification Systems (AIS) for ships of a certain gross tonnage and upwards, so as to reflect recent developments in radio communication and marine technology. Adopted to provide an international standard for investigations and to promote cooperation, the Code of the International Standards and Recommended Practices for a Safety Investigation into a Marine Casualty or Marine Incident (Casualty Investigation Code) recommends member states to build capacity for analysis of VDR data. Against this backdrop, this paper presents methods for efficient investigations into the causes behind marine incidents based on data analysis of VDR, which serves as the black box of ships, as well as digital forensic techniques.

The Windows Physical Memory Dump Explorer for Live Forensics (라이브 포렌식을 위한 윈도우즈 물리 메모리 분석 도구)

  • Han, Ji-Sung;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.71-82 / 2011
  • Live data in physical memory can be acquired by live forensics but not by hard disk file-system analysis. Live forensics is therefore widely used in forensic investigations these days. However, existing live forensic methods, which use command-line tools on the live system, have many weaknesses; for instance, results are not easy to re-analyze and can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement the weaknesses of traditional live forensics. We then design and implement the Physical Memory Dump Explorer and demonstrate the effectiveness of our tool through test results.

Digital Forensics Framework for Cloud Computing (클라우드 환경을 고려한 디지털 포렌식 프레임워크)

  • Lee, Chang-Hoon
    • Journal of Advanced Navigation Technology / v.17 no.1 / pp.63-68 / 2013
  • Recently, companies have been seeking ways to overcome financial crises by reducing IT costs. In such circumstances, cloud computing is rapidly emerging as an optimal solution. In a digital forensic investigation as well, whether the users of an investigated system have used a cloud service is a very important factor in selecting additional subjects of investigation. When a user has used cloud services such as Daum Cloud and Google Docs, it is possible to connect to the cloud service from a remote place by acquiring the user's log-in information. In such a case, evidence data should be collected from the remote place for an efficient digital forensic investigation, and research is needed on the collection and analysis of data from various kinds of cloud services. Thus, this study proposes a digital forensic framework that takes cloud environments into account, by investigating collection and analysis techniques for each cloud service.

A Study on Digital Forensic Techniques for iPad (아이패드 조사를 위한 디지털 포렌식 기법)

  • Lee, Keun-Gi;Lee, Chang-Hoon;Lee, Sang-Jin
    • Journal of Advanced Navigation Technology / v.15 no.5 / pp.887-892 / 2011
  • The iPad has recently been released, and users' interest in this new portable device is increasing. As the market grows, experts are forecasting an increase in investigations involving tablet PCs. However, iPad forensics is very difficult with existing smartphone forensic software. In particular, such software cannot analyze Korean mobile applications. This paper describes collection and analysis techniques for the iPad.

5W1H based Information Expression Standard for efficient digital forensic investigation (효율적인 디지털 포렌식 조사를 위한 육하원칙 중심의 정보 처리 규격)

  • 윤우성;한재혁;이상진
    • Journal of Digital Forensics / v.13 no.2 / pp.125-134 / 2019
  • The process of identifying system behavior or user behavior from data collected during a digital forensic investigation is essential. In the case of PCs, the types of system behavior and remaining logs vary widely depending on the operating system, and the de facto forensic tools that analyze the data produce different analysis results. Because the reliability of a tool is an important factor in the digital forensics field, cross-analysis is usually performed with multiple tools on a single piece of digital evidence, and if the analysis results differ from one tool to another, it is difficult to aggregate them. Therefore, a standard for processing information centered on the 5W1H principle is proposed to facilitate sharing and intuitive identification of the analysis results for collected digital evidence. The paper also proposes a way to use the standard as an indicator for verifying the reliability of an analysis tool by comparing the performance of digital forensic analysis tools.

Efficiency Improvement about Digital Evidence Investigation in Korea (우리나라 디지털 증거수사의 효율성 증진방안)

  • Kang, Maeng-Jin;Kim, Joung-Gyu
    • The Journal of the Korea Contents Association / v.7 no.2 / pp.180-190 / 2007
  • Recently, investigative agencies have been finding clues that lead to solving cases through digital evidence. Digital media are used extensively in daily life, and offenders accordingly leave traces of crime in digital form. However, digital evidence investigation in Korea is still at a low level. Definite legislation on digital evidence is not yet in place in Korea, and professional investigators for digital evidence are in short supply. These problems need to be addressed urgently, and systematic, technological support is required. This paper discusses the points of controversy in digital evidence investigation and ways to strengthen capacity in order to respond efficiently to increasingly diverse cyber crime.