• Title/Summary/Keyword: forensic technology


Design of Emergency Response e-Discovery Systems using Encryption and Authentication (e-Discovery 시스템 설계와 관리를 위한 인증과 암호화)

  • Chun, Woo-Sung;Park, Dea-Woo
    • Proceedings of the Korean Society of Computer Information Conference / 2011.06a / pp.139-142 / 2011
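  • Incidents of technology leakage overseas have caused roughly several trillion won in damage to the Korean economy. Research is needed on e-Discovery systems and corporate CERT/CC in order to prove corporate technology leakage and establish responsibility for incidents. This paper studies the concept of e-Discovery, the related legislation and recommendations, and forensic investigation procedures, and examines domestic and overseas e-Discovery incident cases. It designs the e-Discovery system that a corporate CERT/CC will need once e-Discovery is introduced. It studies user authentication and device authentication technologies, as well as encryption technology, for access to and authentication in the e-Discovery system. This research will serve as basic material for the introduction of the e-Discovery regime and the advancement of forensic technology.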


Digital Forensic Analysis for New File System (신규 파일 시스템에 대한 디지털 포렌식 분석 필요성 연구)

  • Lee, Keun-Gi;Lee, Changhoon;Lee, Sangjin
    • Proceedings of the Korea Information Processing Society Conference / 2012.11a / pp.1108-1110 / 2012
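  • A file system is the scheme by which files and data are stored or organized on a computer so that they can be easily found and accessed. Until now, the main targets of analysis have been the FAT (File Allocation Table) file system and NTFS (New Technology File System) used on Windows, and the ext family of file systems used mainly on Unix/Linux. As a variety of IT devices such as smartphones, tablet PCs, and NAS (Network Attached Storage) servers have become widespread, the file systems used on these devices need additional analysis. This paper therefore lists the kinds of file systems that need additional analysis and describes the characteristics of each, for use as a guide for future analysis.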

Secure File Transfer Method and Forensic Readiness by converting file format in Network Segmentation Environment (망분리 환경에서 파일형식 변환을 통한 안전한 파일 전송 및 포렌식 준비도 구축 연구)

  • Han, Jaehyeok;Yoon, Youngin;Hur, Gimin;Lee, Jaeyeon;Choi, Jeongin;Hong, SeokJun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.859-866 / 2019
  • Cybersecurity attacks targeting specific users are rising in number, even as enterprises try to strengthen their cybersecurity. A network segmentation environment, where the public network and private network are separated, can block information coming from the outside; however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce a network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, they are still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, considering forensic readiness, this paper proposes a system in this environment in which a document file can keep information for incident response.

Identifying the potential target substance of physical developer (PD) for reagent reliability test and a study on storage period of TWEEN® 20 based PD working solution (Physical Developer(PD)의 신뢰성 테스트(reagent reliability test)를 위한 타겟물질 탐색과 TWEEN® 20 기반 PD 작업용액의 보관기간에 관한 연구)

  • Soo-Jeong Ahn;Ye-jin Lee;Je-Seol Yu
    • Analytical Science and Technology / v.36 no.3 / pp.113-120 / 2023
  • Physical developer (PD) is an effective technique that can develop fingerprints even on wet or very old paper. However, it has not been known which substance reacts with PD. Also, the timing of optimization according to the storage period of the PD working solution has not been known. The present research performed a spot test with 7 eccrine components and 5 sebaceous components that are known as fingerprint components and found that the mixture of palmitic acid and lysine gave the strongest positive reaction. Also, paper treated with PD was treated in 1,2-indanedione/zinc (1,2-IND/Zn) working solution and showed that lysine was not dissolved in water. To find out the timing of optimization according to the storage period of the TWEEN® 20 based PD working solution, the mixture of palmitic acid and lysine was used as the target of the reagent reliability test. As a result, the working solution with a 14-day storage period showed better results than the other working solutions.

Determination of 11-nor-9-carboxy-Δ9-tetrahydrocannabinol (THCCOOH) in human urine by solid-phase extraction and GC/MS (고체상 추출과 GC/MS를 이용한 소변 중 대마 대사체 (THCCOOH) 분석)

  • Cheong, Jae Chul;Kim, Jin Young;In, Moon Kyo;Cheong, Won Jo
    • Analytical Science and Technology / v.19 no.5 / pp.441-448 / 2006
  • 11-nor-9-carboxy-${\Delta}^9$-tetrahydrocannabinol (THCCOOH) is the major metabolite of tetrahydrocannabinol (THC), which is the primary psychoactive component of marijuana. It is also the target analyte for the discrimination of marijuana use. A method using solid-phase extraction (SPE) and gas chromatography/mass spectrometry (GC/MS) was developed for the determination of THCCOOH in human urine. Urine samples (3 mL) were extracted by SPE column with a cation exchange cartridge after basic hydrolysis. The eluents were then evaporated, derivatized, and injected into the GC/MS. The limits of detection (LOD) and quantitation (LOQ) were 0.4 and 1.2 ng/mL, respectively. The response was linear with a correlation coefficient of 0.999 within the concentration range of 1.2 (LLE 1.3)~50.0 ng/mL. The precision and accuracy were stable within 1.20% and the recovery was 83.6~90.7%. The recovery of the SPE method was lower than that of liquid-liquid extraction (LLE), but there were no apparent differences in LOD, LOQ, precision and accuracy between the two methods. While SPE method is used as a very effective and rapid procedure for sample pretreatment, and clean extracts, LLE method was not suitable for the extraction procedure of THCCOOH in urine. The applicability of the method was proven by analyzing urine samples from marijuana abusers.

Simultaneous determination of amphetamine-like drugs in human urine by SPE and GC/MS (고체상추출과 GC/MS를 이용한 소변 중 암페타민계 마약성분 동시분석법)

  • Cheong, Jae Chul;Kim, Jin Young;In, Moon Kyo;Cheong, Won Jo
    • Analytical Science and Technology / v.21 no.1 / pp.41-47 / 2008
  • Although the liquid-liquid extraction (LLE) method has been used routinely for the analysis of amphetamine-like drugs (amphetamine; AP, methamphetamine; MA, 3,4-methylenedioxyamphetamine; MDA, 3,4-methylenedioxymethamphetamine; MDMA, 3,4-methylenedioxyethylamphetamine; MDEA), a solid-phase extraction (SPE) method, which can be automated, was applied for the simultaneous determination by GC/MS in human urine. Urine samples (3 mL) and 0.1 M phosphate buffer (1 mL, pH 7.0) were extracted by an automated SPE system. The eluent was evaporated, derivatized with trifluoroacetic anhydride (TFAA), and analyzed by GC/MS. The calibration curves were linear with correlation coefficient ($r^2$) above 0.994 in the ranges of 34.0 (AP), 28.0 (MDA)~1000.0 ng/mL for AP, MDA, and 50.0~2000.0 ng/mL for MA, MDMA, and MDEA. The limits of detection ranged from 4.0 to 10.0 ng/mL, and the limits of quantitation ranged from 12.0 to 34.0 ng/mL. The relative recoveries were 93.5~107.7 %. The precisions and accuracies were 1.9~14.8 % and -8.7~14.8 %, respectively. The present method was successfully applied to identify MA or Ecstasy (MDMA) abusers exactly as well as rapidly.

Injury Analysis of Child Passenger According to the Types of Safety Restraint Systems in Motor Vehicle Crashes (영유아 탑승자의 차량사고에서 보호장구에 따른 손상 분석)

  • Sung, Kang Min;Kim, Sang Chul;Jeon, Hyuk Jin;Kwak, Yeong Soo;Youn, Young Han;Lee, Kang Hyun;Park, Jong Chan;Choi, Ji Hun
    • Journal of Trauma and Injury / v.28 no.3 / pp.98-103 / 2015
  • Purpose: To compare the injuries sustained and their severity in child occupants according to the types of safety restraint systems in motor vehicle crashes. Methods: This was a retrospective observational study. The study subjects were child occupants under the age of 8 years who visited a local emergency center following a motor vehicle crash from 2010 to 2014. According to safety restraint: child restraint systems (CRS), belted, and unbelted, we compared injuries sustained and injury severity using the maximal Abbreviated Injury Scale (MAIS) and Injury Severity Score (ISS), and analyzed the characteristics of severe injuries (AIS2+). Results: Among 241 subjects, 9.1% were restrained in CRS, 14.5% were only belted, and 76.3% were unbelted at the time of the crashes. Fourteen had severe injuries (AIS2+), none of whom were restrained by CRS. Injuries in the face and neck were the highest in the unbelted group, and MAIS and ISS were the lowest in the CRS group. Conclusion: Among safety restraint systems for child occupants in motor vehicle crashes, the CRS have a preventive effect on face and neck injuries, and are the most effective safety restraint systems.


A study on the Effective Selection of the Personal Information Audit Subject Using Digital Forensic (디지털 포렌식 기법을 활용한 효율적인 개인정보 감사 대상 선정 방안 연구)

  • Cheon, Jun-Young;Lee, Sang-Jin
    • Journal of Advanced Navigation Technology / v.18 no.5 / pp.494-500 / 2014
  • Recently the leak of personal information from in-house and contract-managed companies has been continually increasing, which leads to regular observation of outsourcing companies that operate the personal information management system, to prevent dangers from the leakage, theft and loss of personal information. However, analyzing a large number of computers in limited time runs into a few difficulties in some circumstances, such as outsourcing companies that own computers holding a personal information system, or task continuity related to the company's profits. For this reason, it is necessary to select the objects of examination by identifying those with a high risk of personal data leakage. In this paper, this study will formulate a proposal for the selection of high-risk subjects, which is based on the user interface, using digital forensics. The study designs the integrated analysis tool and demonstrates the effects of the tool through the test results.

Digital Forensics: Review of Issues in Scientific Validation of Digital Evidence

  • Arshad, Humaira;Jantan, Aman Bin;Abiodun, Oludare Isaac
    • Journal of Information Processing Systems / v.14 no.2 / pp.346-376 / 2018
  • Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although, on occasions are justifiable. Presently, the use of scientifically unproven forensic techniques is highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to the current legislation and privacy laws remain as challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study to examine the issues that are considered essential to discuss and resolve, for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as, cloud computing, social media, and the Internet of Things (IoT), and reviewing the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed, by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.

Risk of DNA contamination through fingerprint brush, during the dusting of living persons and deceased (살아있는 사람과 사망한 사람의 지문을 채취하는 과정에서 지문 브러쉬의 DNA 오염 정도 연구)

  • Min, Hee Won;Hong, Sungwook
    • Analytical Science and Technology / v.29 no.2 / pp.85-93 / 2016
  • This study investigated the possibility of DNA contamination during fingerprint collection when using a fingerprint brush. Two kinds of brushes were selected: powdered brushes and neat (not powdered) brushes. The fingerprints were collected from the tips of all the fingers and near the wrists of both living and deceased persons using the two brushes. Both brushes were analyzed for the DNA contents and profiles. The results obtained confirmed the transfer of DNA onto both brushes, although the results showed that the powdered brushes carried more DNA compared with the neat brushes. More DNA was transferred onto the brushes used on deceased persons than onto the brushes used for living persons. Only partial DNA profiles were obtained from the brushes, which is due to the presence of other sources of DNA on the surfaces of the skin of both living and deceased persons. This phenomenon confirmed the DNA contamination during fingerprint collection when fingerprint brushes were used.