• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.151-166
• /
• 2009

To prove the integrity of digital evidence on the investigation procedure, the data which is using the MD 5(Message Digest 5) hash-function algorithm has to be discarded, if the integrity was damaged on the investigation. Even though a proof restoration of the deleted area is essential for securing the proof regarding a main phase of a case, it was difficult to secure the decisive evidence because of the damaged evidence data due to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes the novel model for the mobile forensic procedure, named as "E-Finder(Evidence Finder)", to ,solve the existing problem. The E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST(National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for the mobile forensics.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3943-3957
• /
• 2016

As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

• Analytical Science and Technology
• /
• v.33 no.2
• /
• pp.86-97
• /
• 2020

Reconstruction and separation of explosive-contaminated overlapping fingerprints constitutes an analytical challenge of high significance in forensic sciences. Laser-induced breakdown spectroscopy (LIBS) allows real-time chemical mapping by detecting the light emissions from laser-induced plasma and can offer powerful means of fingerprint classification based on the chemical components of the sample. During recent years LIBS has been studied one of the spectroscopic techniques with larger capability for forensic sciences. However, despite of the great sensitivity, LIBS suffers from a limited detection due to difficulties in reconstruction of overlapping fingerprints. Here, the authors propose a simple, yet effective, method of using chemical mapping to separate and reconstruct the explosive-contaminated, overlapping fingerprints. A Q-switched Nd:YAG laser system (1064 nm), which allows the laser beam diameter and the area of the ablated crater to be controlled, was used to analyze the chemical compositions of eight samples of explosive-contaminated fingerprints (featuring two sample explosive and four individuals) via the LIBS. Then, the chemical validations were further performed by applying the Raman spectroscopy. The results were subjected to principal component and partial least-squares multivariate analyses, and showed the classification of contaminated fingerprints at higher than 91% accuracy. Robustness and sensitivity tests indicate that the novel method used here is effective for separating and reconstructing the overlapping fingerprints with explosive trace.

• Analytical Science and Technology
• /
• v.32 no.3
• /
• pp.105-112
• /
• 2019

Fingerprints may be contaminated with ethanol solutions. In order to solve the case, the law enforcement agency may need to visualize the fingerprint from these samples, but the development method has not been studied. The paper with latent fingerprint was contaminated with ethanol solution and then the blurring of ridge detail was observed. As a result, when the copy paper was contaminated with ethanol solutions of less than 75 % (v/v), the amino acid components of latent fingerprint residue blurred but lipid components of latent fingerprint residue didn't blurred. On the other hand, when the paper was contaminated with ethanol solution of more than 80 % (v/v), the amino acid components of latent fingerprint didn't blurred but the lipid components of latent fingerprint blurred. Therefore, it is found that the paper contaminated with ethanol solutions of less than 75 % (v/v) should be treated by oil red O (ORO) enhancing lipid components, and the paper contaminated with ethanol solutions of 80 % (v/v) or more should be treated by 1,2-indandione/zinc (1,2-IND/Zn) enhancing amino acid components. The blurring of ridge detail was not observed when the fingerprints were deposited with fingers contaminated with ethanol solution. This fingerprints were treated with 1,2-IND/Zn or ORO to compare the latent fingerprint development ability, and using 1,2-IND/Zn was able to visualize the latent fingerprint more clearly than using ORO.

• Analytical Science and Technology
• /
• v.32 no.3
• /
• pp.113-119
• /
• 2019

Enhancement of footwear impressions in urine on the surface of tiles by using p-dimethylaminocinnamaldehyde (DMAC), which react with urea, and ninhydrin, 1,8-diazafluoren-9-one (DFO), 1,2-indanedione/zinc (1,2-IND/Zn), which react with amino acid, was studied. As a result of comparing the application methods of reagents, the ninhydrin and the 1,2-IND/Zn were suitable for application with spray method, which is spray directly on footwear impression, DFO and DMAC were suitable for application with dry contact method, which is applying heat with press to DMAC impregnated paper on footwear impression. In addition, DMAC applied with dry contact method showed best contrast and enhancement result in both white and black colored tiles by comparing of the sensitivity by different dilution ratio of urine and the aging time of footwear impressions in urine. And the result of applied with DMAC (with dry contact method) on the floor tiles collected at various places in a building's men's and women's bathrooms, it can be successfully enhanced that footwear impressions in urine. So it is believed that the method can be used to recover footwear impressions in urine from real crime scenes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.2
• /
• pp.591-608
• /
• 2023

With the emergence of advanced encryption technologies such as Quantum Cryptography and Full Disk Encryption, an era of strengthening information security has begun. Users respond positively to the advancement of privacy-enhancing technology, on the other hand, investigative agencies have difficulty unveiling the actual truth as they fail to decrypt devices. In particular, unlike past ciphers, encryption methods using biometric information such as fingerprints, iris, and faces have become common and have faced technical limitations in collecting digital evidence. Accordingly, normative solutions have emerged as a major issue. The United States enacted the CLOUD Act with the legal mechanism of 'Contempt of court' and in 2016, the United Kingdom substantiated the Compelled Decryption through the Investigatory Powers Act (IPA). However, it is difficult to enforce Compelled Decryption on individuals in Korea because Korean is highly sensitive to personal information. Therefore, in this paper, we sought a method of introducing a Compelled Decryption that does not contradict the people's legal sentiment through a perception survey of 95 people on the Compelled Decryption. We tried to compare and review the Budapest Convention with major overseas laws such as the United States and the United Kingdom, and to suggest a direction of legislation acceptable to the people in ways to minimize infringement of privacy. We hope that this study will be an effective legal response plan for law enforcement agencies that can normatively overcome the technical limitations of decoding.

• Analytical Science and Technology
• /
• v.36 no.6
• /
• pp.332-339
• /
• 2023

This study aimed to verify the hypothesis that urea denatures hemoglobin in the blood, thereby exposing active sites of enzymes and enhancing the chemiluminescence of the blood-luminol reaction. When blood was pretreated with urea, higher concentrations of pretreatment urea or longer pretreatment times resulted in enhanced chemiluminescence in the blood-luminol reaction, supporting the above hypothesis. However, the chemiluminescence was enhanced when blood was treated with luminol mixed with an 8 M urea solution, although the fact that the time for urea to denature hemoglobin was shorter compared to when blood was pretreated with urea and followed by luminol. In addition, the chemiluminescence was enhanced when a transition metal without hemoglobin was reacted with urea-containing luminol. Based on these results, it is anticipated that urea not only denatures hemoglobin but also plays a role in the luminol-hydrogen peroxide reaction.

• Analytical Science and Technology
• /
• v.30 no.6
• /
• pp.303-311
• /
• 2017

A new method for obtaining the photoluminescence of footwear impression by using 1,2-indandione (1,2-IND) solution, which is a latent fingerprint-developing reagent, was studied. A binary complex of DL-alanine and 1,2-IND was prepared by spraying a DL-alanine solution and the 1,2-IND solution (an amino acid sensitive reagent) onto dry or wet origin footwear impression deposited on the surface of printed A4 paper. This binary complex reacts with the trace metal component in the footwear impression to form a ternary complex that exhibits photoluminescence. However, when 5-methylthioninhydrin (5-MTN) solution was used instead of 1,2-IND, no consistent photoluminescence was observed even under identical treatment conditions. In addition, when footwear impressions treated with DL-alanine and 1,2-IND solutions were stored under various temperature conditions (30, 40 and $50^{\circ}C$) and various humidity conditions (30 %, 40 %, 50 % and 60 % RH), the contrast between the footwear impression and the background decreased. Optimal footwear impression photoluminescence was obtained when the footwear impressions treated with DL-alanine and 1,2-IND solutions were stored at $30^{\circ}C$ and 30 % RH for 1 h. The sensitivity of the developed method was ccompared with the sensitivities of three known methods - black gelatin lifting, 2,2'-dipyridyl treatment, and 8-hydroxyquinoline treatment. The results showed that the sensitivity of the developed method was worse than that of the black gelatin lifting method but better than that of 2,2'-dipyridyl or 8-hydroxyquinoline treatment method.

• Analytical Science and Technology
• /
• v.23 no.4
• /
• pp.414-422
• /
• 2010

In forensic examinations of question document, analysis about inks components and the dating of ink entries is often of considerable importance and forensic examination of inks is principally concerned with the classification and comparison of chemically complex mixtures. The authenticity about inks analysis of a questioned document may be examined through the analysis of inks used to TLC, HPLC/MS, GC/MS, LDI/MS. We collected 56 difference types of black ballpoint pen inks manufactured from 5 country groups. We identified major 6 species volatile organic components (VOCs), ethylbenzene ($0.089-0.244\;{\mu}g$/mL), o-xylene ($0.072-0.331\;{\mu}g$/mL), m,p-xylene ($0.062-0.318\;{\mu}g$/mL), benzene ($0.003-0.173\;{\mu}g$/mL), 1,1-dichloroethylene ($0.003-0.295\;{\mu}g$/mL), toluene ($0.007-0.484\;{\mu}g$/mL) using HS-SPME GC/MS. The results of this study indicated that determined VOCs of black ballpoint pen inks could make a discriminating tool of inks analysis for forensic question document and can supply methodology for classification and identification of between ballpoints pen inks.

• Analytical Science and Technology
• /
• v.28 no.4
• /
• pp.288-298
• /
• 2015

A distribution study of glitter was conducted from a local university building. The potential recipient surfaces chosen were the 1,000 chairs kept in 16 separate classrooms of the building. The surface of chairs contacting with buttocks and back of users were tape lifted with commercial adhesive tapes, and the surface of adhesive tapes were examined with a stereomicroscope to locate the glitters. 12 glitter particles were found from 11 chairs kept in 16 classrooms of a building. This result indicates that the possibility of glitter finding from Korean violent crime scene is high. The 12 glitters found from the chairs were analyzed with a stereomicroscope and an FTIR spectrophotometer to find the matching glitter. The stereomicroscope was used for the observation of the shapes, dimensions, colors and holograms of each glitter, and the FTIR spectrophotometer was used for the analysis of the chemical composition of the coating material of each glitter. The examination results revealed that 8 glitters out of 12 glitters were not sharing the common origin each other. Also, two glitters found from two separate classroom chairs share common microscopic and FTIR spectroscopic characteristics which indicating two glitters share common origin. The record of the students who had used the classrooms was traced and the authors could find that the classrooms where the same glitters were found were shared by a group of students who listen to the same class. This result implies that the path of the involved people should be considered while assessing the value of trace evidence.