한국정보통신학회논문지 (Journal of the Korea Institute of Information and Communication Engineering)

  • 제20권1호
  • /
  • Pages.72-80
  • /
  • 2016
  • /
  • 2234-4772(pISSN)
  • /
  • 2288-4165(eISSN)
한국정보통신학회 (The Korea Institute of Information and Commucation Engineering)
권호 표지
DOI QR코드

DOI QR Code

안드로이드 환경에서의 KakaoTalk 메신저의 포렌식 분석 방법론 제안 및 분석

Forensic Analysis of KakaoTalk Messenger on Android Environment

  • Yoon, Jongcheol (Graduate School of Information Security, SeJong Cyber University) ;
  • Park, Yongsuk (Graduate School of Information Security, SeJong Cyber University)
  • 투고 : 2015.12.01
  • 심사 : 2016.01.06
  • 발행 : 2016.01.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

최근 우리는 스마트폰을 활용하여 KakaoTalk IM(Instance Messenger)을 사용한다. IM 서비스에는 사용자/용의자의 생활패턴, 지리적 위치, 사상, 심리 상태 및 범죄 사실에 대한 흔적들이 존재하여 포렌식 분석이 필요하다. 하지만, KakaoTalk의 포렌식 분석은 미흡한 현실이다. 이에 본 논문은 KakaoTalk에 적합한 새로운 연구방법론을 제시하고, 흔적(Artifacts)의 위치 발견을 하고, 연락처 메시지의 칼럼 구조 분석하고, 사용자/용의자를 식별 하였으며, 추가한 연락처 정보들과 메시지의 타입을 파악하였고, 삭제한 연락처의 백업파일을 사용하여 복원하였다. 그 결과 분석한 정보와 방법론을 활용하면 Forensic Tool의 기본 플랫폼이 된다.

Recently, IM(Instant Messenger) of KakaoTalk is being used on smart devices such as smartphones. Because IM service can carry user and/or suspector's various information including life style, geographical position, psychology and crime history, forensic analysis on IM service is desirable. But, forensic analysis for KakaoTalk is not well studied yet. This paper studies a proper forensic method for KakaoTalks, finds artifacts location, reconstruct the list of contacts and the chronology of the messages that have been exchanged by users. Proposed methodology and analyzed information can provide a basic platform for forensic tool.

키워드

참고문헌

  1. J. M. Lee, "The Effect of Personal Communication Activities using Smart Phone Instant Messenger on Job Performance," Journal of Korean Socieity for Internet Information, vol. 13, no. 6, pp. 17-24, Oct. 2012.
  2. Wikimedia Foundation, Inc. Instant Messaging [Internet]. Available: https://en.wikipedia.org/wiki/Instant_messaging.
  3. H. S. Jung, "The evolution of Korean social network service focusing on the case of Kakao talk," The Journal of Digital Policy and Management, vol. 10, no 10, pp. 147-154, Nov. 2012.
  4. Yu Jong Jang, Jin Kwak, "Mobile Digital Forensic Procedure for Crime Investigation in Social Network Service," The Journal of Korea Navigation Institute, vol. 17, no. 3, pp. 325-331, Jun. 2013.
  5. Mohammad Iftekhar Husain, Ramalingam Sridhar, "iForensics: forensic analysis of instant messaging on smart phones," in The First International Conference on Digital Forensics & Cyber Crime, pp. 9-18, Sept. 2009.
  6. Yu-Cheng Tso, et al., "iPhone social networking for evidence investigations using iTunes forensics," in Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication, ACM New York, article no. 62, Feb. 2012.
  7. Shubham Sahu, "An Analysis of WhatsApp Forensics in Android Smartphones," International Journal of Engineering Research, vol. 3, no. 5, pp. 349-350, May 2014. https://doi.org/10.17950/ijer/v3s5/514
  8. Neha S. Thakur, "Forensic analysis of WhatsApp on Android smartphones," M.S. Thesis, University of New Orleans Theses and Dissertations, 2013.
  9. Cosimo Anglano, "Forensic analysis of WhatsApp Messenger on Android smartphones," Digital Investigation, vol. 11, no. 3, pp. 201-213, Sept. 2014. https://doi.org/10.1016/j.diin.2014.04.003
  10. JaeWan Jo, "Study Android lock features analysis of Digital Forensic focus," M.S. Thesis, KOREA University Theses and Dissertations, 2013.
  11. HoSeung No, "Logical Forensic Technique on Android Smartphone," M.S. Thesis, KOREA University Theses and Dissertations, 2014.

피인용 문헌

  1. Forensic Analysis of chatting messenger service in KakaoTalk and Comparison Study of KakaoTalk and WhatsApp Artifacts vol.20, pp.4, 2016, https://doi.org/10.6109/jkiice.2016.20.4.777