Priority Scheduling of Digital Evidence in Forensic

  • Lee, Jong-Chan (Department of Computer Information Engineering, Kunsan National University)
  • Park, Sang-Joon (Department of Computer Information Engineering, Kunsan National University)
  • Received : 2013.04.20
  • Accepted : 2013.09.12
  • Published : 2013.09.30

Abstract

Digital evidence, a new form of evidence of crime, differs little in value and function from existing forms of evidence. As time goes on, digital evidence will become an important part of the collection and admissibility of evidence. A digital forensic investigator usually has to spend a lot of time finding clues related to the investigation among the huge amount of data extracted from one or more potential containers of evidence, such as computer systems, storage media and devices. These items of evidence therefore need to be ranked and prioritized by the importance of potentially relevant evidence in order to reduce investigation time. In this paper we propose a methodology that prioritizes the order in which items of evidence are examined, to help select the right evidence for investigation. The proposed scheme is based on Fuzzy Multi-Criteria Decision Making, in which uncertain parameters such as evidence investigation duration, the value of evidence, the relation between items of evidence, and the relation between the case and time are used in the decision process through the aggregation function of fuzzy set theory.

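Digital evidence, a new form of criminal evidence, differs little from existing evidence in function and role, and its legal recognition and role as evidence are expected to increase gradually. A forensic investigator must spend a great deal of time finding clues related to a case in the vast amount of data stored on multiple evidence-holding devices (e.g., computer systems, storage media). To shorten investigation time, the evidence therefore needs to be ordered and ranked according to the importance of potentially relevant evidence. This study proposes a method for determining the priority of evidence analysis in a forensic investigation by enabling the correct evidence to be selected. The proposed method is based on multi-criteria decision making, in which multiple imprecise factors, such as the time required to examine evidence, the value of the evidence, the relation between items of evidence, and the relation between the case and time, are used in decision making with fuzzy set functions.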
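The abstract names the four decision criteria but not the membership functions or the aggregation operator, so the sketch below is an added illustration and not the authors' scheme. It assumes linear membership functions with made-up breakpoints, a compensatory aggregation (a convex combination of the fuzzy minimum and the arithmetic mean, controlled by a hypothetical `gamma`), and constructed sample evidence items.

```python
from dataclasses import dataclass

@dataclass
class Evidence:
    name: str
    hours_to_examine: float     # estimated investigation duration
    value: float                # investigator-assigned value, 0..10
    linked_items: int           # other evidence items this one relates to
    hours_from_incident: float  # gap between artifact timestamps and the case time

def falling(x, full, zero):
    """Membership 1 at or below `full`, 0 at or above `zero`, linear between."""
    if x <= full:
        return 1.0
    if x >= zero:
        return 0.0
    return (zero - x) / (zero - full)

def rising(x, zero, full):
    """Membership 0 at or below `zero`, 1 at or above `full`, linear between."""
    return 1.0 - falling(x, zero, full)

def memberships(e):
    # Breakpoints are assumptions chosen for the example, not values from the paper.
    return {
        "short_examination": falling(e.hours_to_examine, 2, 40),
        "high_value": rising(e.value, 0, 10),
        "related_to_other_evidence": rising(e.linked_items, 0, 5),
        "close_to_incident_time": falling(e.hours_from_incident, 1, 72),
    }

def aggregate(mu, gamma=0.5):
    """gamma=1 is a strict fuzzy AND (min); gamma=0 lets strong criteria offset weak ones."""
    vals = list(mu.values())
    return gamma * min(vals) + (1 - gamma) * sum(vals) / len(vals)

def prioritize(items, gamma=0.5):
    """Return (score, name) pairs, highest examination priority first."""
    scored = [(round(aggregate(memberships(e), gamma), 3), e.name) for e in items]
    return sorted(scored, key=lambda s: (-s[0], s[1]))

# Constructed sample case, not data from the paper.
SAMPLE = [
    Evidence("laptop-disk-image", 40, 9, 4, 2),
    Evidence("usb-stick", 2, 6, 1, 30),
    Evidence("phone-backup", 10, 8, 3, 1),
    Evidence("old-archive-dvd", 6, 2, 0, 500),
]

if __name__ == "__main__":
    for score, name in prioritize(SAMPLE):
        print(f"{score:.3f}  {name}")
```

With `gamma=0.5` the quickly examined USB stick is ranked ahead of the high-value but slow disk image; with `gamma=0.0` the two swap places, which shows how much the choice of aggregation operator drives the examination order.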
