• Title/Summary/Keyword: forensic analysis

Search Result 521

An Log Visualization Method of Network Security Equipment for Private Information Security (개인정보 보호를 위한 네트워크 보안장비의 로그 가시화 방법 연구)

  • Sim, Hee-Youn;Kim, Hyung-Jong
    • Convergence Security Journal / v.8 no.4 / pp.31-40 / 2008
  • Recently, network forensic research, which analyzes intrusion-related information for tracing attackers, has become more popular than disk forensics, which analyzes evidence remaining in a system. Analysis and correlation of logs from firewalls, IDS (Intrusion Detection System) and web servers are an important part of network forensic procedures. This work suggests an integrated graphical user interface for network forensics for private information leakage detection. This paper shows the necessity of various log information for network forensics and a design of a graphical user interface for security managers who need to monitor the leakage of private information.


Application and evaluation of machine-learning model for fire accelerant classification from GC-MS data of fire residue

  • Park, Chihyun;Park, Wooyong;Jeon, Sookyung;Lee, Sumin;Lee, Joon-Bae
    • Analytical Science and Technology / v.34 no.5 / pp.231-239 / 2021
  • Detection of fire accelerants from fire residues is critical to determine whether the case was arson or accidental fire. However, developing a standardized model for determining the presence or absence of fire accelerants was not easy because of the high temperatures, which cause the disappearance or combustion of components of fire accelerants. In this study, logistic regression, random forest, and support vector machine models were trained and evaluated on a total of 728 GC-MS analysis data obtained from actual fire residues. Mean classification accuracies of the three models were 63 %, 81 %, and 84 %, respectively, and in particular, mean AU-PR values of the three models were evaluated as 0.68, 0.86, and 0.86, respectively, showing fine performance of the random forest and support vector machine models.

The Change of the Components and Forms of the Counterfeit 100mg VIAGRA™ Tablets

  • Baeck, Seung-Kyung;Yang, Hoo-Yul;Lim, Mie-Ae;Park, Yoo-Sin;Kim, Sun-Chun;Kim, Dong-Woo;Park, She-Youn;Lee, Ju-Seon
    • Proceedings of the PSK Conference / 2003.10b / pp.106.3-107 / 2003
  • VIAGRA™, an oral therapeutic agent for erectile dysfunction, is the citrate salt of sildenafil. VIAGRA™ is formulated as blue, film-coated, rounded-diamond-shaped tablets, equivalent to 25mg, 50mg and 100mg of sildenafil for oral administration. VIAGRA™ has been officially allowed to be sold at drug stores in Korea, but the sale and use of counterfeits or smuggled goods is still increasing because of its high price or strict restrictions on both sale and purchase. Discrimination and analysis of 13 cases of VIAGRA™ tablets for verification of genuineness or counterfeit were requested of our institute in the period from January 1999 to July 2003. (omitted)


Forensic age-at-death estimation using the sternal junction in Thai adults: an autopsy study

  • Adisuan Kuatrakul;Vijarn Vachirawongsakorn
    • Anatomy and Cell Biology / v.56 no.3 / pp.367-373 / 2023
  • One of the main parameters in the analysis of skeletal remains in forensic anthropological cases is the estimation of age. This study aimed to investigate the correlation between age and the fusion status of the sternal junction. This cross-sectional study was carried out on 184 sterna from 94 females and 90 males obtained from known-age cadavers in the Thai population. By direct observation, the fusion stage of the manubrio-sternal and sterno-xiphoidal junctions was studied and divided into unfused and fused joints. The results showed that a large proportion of the sterna remain unfused throughout adulthood, with fusion observed in both young and old cadavers. Insignificant differences in the rate of fusion, the sexes and ages were observed. None of the sterna under 30 years of age in females and 32 years of age in males showed fusion of the manubrio-sternal and sterno-xiphoidal junctions. Based on the variability of the sternal fusions observed in this study, we highlighted a very limited role of the sternum alone in the estimation of age in the Thai population.

Identification and classification of fresh lubricants and used engine oils by GC/MS and bayesian model (GC/MS 분석과 베이지안 분류 모형을 이용한 새 윤활유와 사용 엔진 오일의 동일성 추적과 분류)

  • Kim, Nam Yee;Nam, Geum Mun;Kim, Yuna;Lee, Dong-Kye;Park, Seh Youn;Lee, Kyoungjae;Lee, Jaeyong
    • Analytical Science and Technology / v.27 no.1 / pp.41-59 / 2014
  • The aims of this work were the identification and the classification of fresh lubricants and used engine oils of vehicles for application in the forensic science field. 80 kinds of fresh lubricants were purchased and 86 kinds of used engine oils were sampled from 24 kinds of diesel and gasoline vehicles with different driving conditions. The samples of lubricants and used engine oils were analyzed by GC/MS. The Bayesian model technique was developed for classification or identification. Both the wavelet fitting and the principal component analysis (PCA) techniques were applied for data dimension reduction. In fresh lubricants classification, the rates of matching by the Bayesian model technique with wavelet fitting and PCA were 97.5% and 96.7%, respectively. The Bayesian model technique with wavelet fitting was better at classifying lubricants than that with PCA based on dimension reduction, and we selected the Bayesian model technique with wavelet fitting for classification of lubricants. The other experiment was the analysis of used engine oils which were collected from vehicles with several mileages up to 5,000 km after replacing engine oil. The eighty-six kinds of used engine oil samples with the mileage were collected. In vehicle classification (total 24 classes), the rate of matching by the Bayesian model with wavelet fitting was 86.4%. However, in the vehicle's fuel type classification (whether it is a gasoline vehicle or a diesel vehicle, only 2 classes in total), the rate of matching was 99.6%. In the used engine oil brands classification (total 6 classes), the rate of matching was 97.3%.

Epidemiological Analysis and Toxicological Findings of Drug Facilitated Sexual Assault Cases (약물관련 성범죄 사건 유형 분석 및 검출 약물 경향)

  • Choi, Hyeyoung;Ahn, Suyoun;Chang, Hyejin;Chung, Sujin;Baeck, Seungkyung;Lee, Sangki;Lee, Yongmoon
    • YAKHAK HOEJI / v.59 no.5 / pp.230-234 / 2015
  • This paper includes a review of 555 drug-facilitated sexual assault (DFSA) cases analyzed at the National Forensic Service (NFS), South Korea, between 2006 and 2012. The results of toxicological analyses of blood and urine samples were also reported, and furthermore the results were interpreted with respect to the number of drugs detected. The number of DFSA cases was highest during warmer summer months and the mean age of the victims was 25 years, with 48% being between 20 and 29 years. Accommodations or entertainment places were the most frequent place of the sexual assault (57%); and the assailant was a stranger in 72% of the DFSA cases. Drugs were identified in the blood or urine samples in 145 cases (26%) and sedative-hypnotics, such as benzodiazepines and zolpidem, were the most commonly detected, along with sedative antihistamines such as doxylamine and diphenhydramine. The frequent presence of sedative drugs in biological samples tends to implicate their use in chemical submission. However, interpreting the analytical results in terms of voluntary vs. surreptitious administration of drugs requires further detailed investigation and knowledge of the victim's health status and medication used at the time of event.

A Digital Forensic Analysis for Directory in Windows File System (Windows 파일시스템의 디렉토리에 대한 디지털 포렌식 분석)

  • Cho, Gyusang
    • Journal of Korea Society of Digital Industry and Information Management / v.11 no.2 / pp.73-90 / 2015
  • When we apply file commands to files in a directory, the directory as well as the file undergoes changes in the timestamps of its MFT entry. Based on an understanding of these changes, this work provides a digital forensic analysis of the timestamp changes of the directory influenced by the execution of file commands. NTFS utilizes a B-tree indexing structure for managing efficient storage of a huge number of files and fast lookups, which changes the index tree of the directory index when files are operated on by commands. From a digital forensic point of view, we try to understand the behaviors of the B-tree indexes and look for traces of files to collect information. But it is not easy to analyze the directory index entry when the file commands are executed, and research on digital forensics of NTFS directories and B-tree indexing is comparatively rare. Focusing on this fact, in this paper we analyze directory timestamp changes after executing file commands including creation, copy, deletion, etc., and present a method for finding forensic evidence of the deletion of a directory containing files. With some cases, i.e. examples of the file copy and file deletion commands, analyses of the problem of timestamp changes of the directory are given and the problem of finding evidence of the deletion of a directory containing files is shown.

Analysis of Fire Accident on DC Electric Traction Vehicles Caused by Breakdown in the Line Breaker (회로 차단기 절연파괴로 인한 직류 전기철도 화재 사고사례 분석)

  • Park, Nam-Kyu;Song, Jae-Yong;Goh, Jae-Mo;Kim, Jin-Pyo;Nam, Jung-Woo
    • Journal of the Korean Society of Safety / v.32 no.6 / pp.16-21 / 2017
  • A fire or electrical problem during DC electric traction vehicle operation, caused by various reasons, can lead not only to suspension of the operation but also to a severe aftermath such as massive casualties. In this paper, a fire analysis of a DC electric traction vehicle, caused by electrical breakdown in the line breaker, which is connected to the power supply, is presented. When the electric arc, the by-product of frequent line breaker operation, is not fully diminished, it leads to electrical breakdown and fire. In particular, electrical breakdown can be easily induced by the open-and-close operation of the inner contactor inside the line breaker, eventually followed by a ground fault and the generation of transient current. An electric arc follows the ground fault and acts as a possible ignition source, leading to fire. Also, during the repetitive operation of the line breaker, the contactors are separated from each other and some copper powder is generated, and the copper powder provides a breakdown path, resulting in fire.

A Study on the Evidence Investigation of Forged/Modulated Time-Stamp at iOS(iPhone, iPad) (iOS(iPhone, iPad)에서의 타임스탬프 위·변조 흔적 조사에 관한 연구)

  • Lee, Sanghyun;Lee, Yunho;Lee, Sangjin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.7 / pp.173-180 / 2016
  • Since smartphones possess a variety of user information, we can derive useful data related to the case from app data analysis from the digital forensic perspective. However, this requires an appropriate forensic measure, as smartphones have the properties of high mobility and a high possibility of data loss, forgery, and modulation. In particular, a forged/modulated time-stamp impairs the credibility of digital proof and results in perplexity during timeline analysis. This paper provides traces of usage with which one can investigate whether the time-stamp has been forged/modulated or not within the range of iOS-based devices.

Analysis of a Third-Party Application for Mobile Forensic Investigation

  • Ryu, Jung Hyun;Kim, Nam Yong;Kwon, Byoung Wook;Suk, Sang Ki;Park, Jin Ho;Park, Jong Hyuk
    • Journal of Information Processing Systems / v.14 no.3 / pp.680-693 / 2018
  • Nowadays, third-party applications form an important part of the mobile environment, and social networking applications in particular can leave a variety of user footprints compared to other applications. Digital forensics of mobile third-party applications can provide important evidence to forensics investigators. However, most mobile operating systems are now updated on a frequent basis, and developers are constantly releasing new versions of them. For these reasons, forensic investigators experience difficulties in finding the locations and meanings of data during digital investigations. Therefore, this paper presents scenario-based methods of forensic analysis for a specific third-party social networking service application on a specific mobile device. When applied to certain third-party applications, digital forensics can provide forensic investigators with useful data for the investigation process. The main purpose of the forensic analysis proposed in the present paper is to determine whether the general use of third-party applications leaves data in the mobile internal storage of mobile devices and whether such data are meaningful for forensic purposes.