• Title/Summary/Keyword: Digital Forensic


A Method of Forensic Authentication via File Structure and Media Log Analysis of Digital Images Captured by iPhone (아이폰으로 촬영된 디지털 이미지의 파일 구조 및 미디어 로그 분석을 통한 법과학적 진본 확인 방법)

  • Park, Nam In;Lee, Ji Woo;Jeon, Oc-Yeub;Kim, Yong Jin;Lee, Jung Hwan
    • Journal of Korea Multimedia Society / v.24 no.4 / pp.558-568 / 2021
  • For a digital image to be accepted as legal evidence, it is important to verify the authentication of the digital image. This study proposes a method of authenticating digital images through three steps of comparing the file structure of digital images taken with iPhone, analyzing the encoding information as well as media logs of the iPhone storing the digital images. For the experiment, digital image samples were acquired from nine iPhones through a camera application built into the iPhone. And the characteristics of file structure and media log were compared between digital images generated on the iPhone and digital images edited through a variety of image editing tools. As a result of examining those registered during the digital image creation process, it was confirmed that differences from the original characteristics occurred in file structure and media logs when manipulating digital images on the iPhone, and digital images taken with the iPhone. In this way, it shows that it can prove its forensic authentication in iPhone.

A Study on Curriculum Design for Educating Digital Forensic Experts (포렌식 전문가의 양성을 위한 교과과정 설계에 관한 연구)

  • Myeonggil Choi
    • Journal of Information Technology Applications and Management / v.30 no.6 / pp.113-142 / 2023
  • As society becomes more digital, the need for digital forensics experts is gradually increasing. It is necessary to establish a training policy that reflects the special characteristics of digital forensics personnel. Although there are fragmented policies for digital forensics-related systems and human resources training in academia, it is urgently necessary to establish a systematic and long-term policy to foster digital forensics experts. This study suggests a curriculum of digital forensics based on the importance ranking among forensic subjects. The importance ranking can be decided by forensic experts. This study can be used as policy data to foster diverse talent that can effectively meet the increasing demand for digital forensics talent. The systematic curriculum proposed in this study is a practical curriculum at the undergraduate level and can be suitable for university level

Practical and Legal Challenges of Cloud Investigations (클라우드 환경에서 수사 실무와 법적 과제)

  • James, Joshua I.;Jang, Yunsik
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.6 / pp.33-39 / 2014
  • An area presenting new opportunities for both legitimate business, as well as criminal organizations, is Cloud computing. This work gives a strong background in current digital forensic science, as well as a basic understanding of the goal of Law Enforcement when conducting digital forensic investigations. These concepts are then applied to digital forensic investigation of cloud environments in both theory and practice, and supplemented with current literature on the subject. Finally, legal challenges with digital forensic investigations in cloud environments are discussed.

A Feature Comparison of Modern Digital Forensic Imaging Software (현대 디지털 포렌식 이미징 소프트웨어 도구 특징 비교에 대한 연구)

  • Ham, Jiyoon;James, Joshua I.
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.19 no.6 / pp.15-20 / 2019
  • Fundamental processes in digital forensic investigation - such as disk imaging - were developed when digital investigation was relatively young. As digital forensic processes and procedures matured, these fundamental tools, which are the pillars of the rest of the data processing and analysis phases of an investigation, largely stayed the same. This work is a study of modern digital forensic imaging software tools. Specifically, we will examine the feature sets of modern digital forensic imaging tools, as well as their development and release cycles to understand patterns of fundamental tool development. Based on this survey, we show the weakness in current digital investigation fundamental software development and maintenance over time. We also provide recommendations on how to improve fundamental tools.

Design and Implementation of a Digital Evidence Management Model Based on Hyperledger Fabric

  • Jeong, Junho;Kim, Donghyo;Lee, Byungdo;Son, Yunsik
    • Journal of Information Processing Systems / v.16 no.4 / pp.760-773 / 2020
  • When a crime occurs, the information necessary for solving the case, and various pieces of the evidence needed to prove the crime are collected from the crime scene. The tangible residues collected through scientific methods at the crime scene become evidence at trial and a clue to prove the facts directly against the offense of the suspect. Therefore, the scientific investigation and forensic handling for securing objective forensic in crime investigation is increasingly important. Today, digital systems, such as smartphones, CCTVs, black boxes, etc. are increasingly used as criminal information investigation clues, and digital forensic is becoming a decisive factor in investigation and trial. However, the systems have the risk that digital forensic may be damaged or manipulated by malicious insiders in the existing centralized management systems based on client/server structure. In this paper, we design and implement a blockchain based digital forensic management model using Hyperledger Fabric and Docker to guarantee the reliability and integrity of digital forensic. The proposed digital evidence management model allows only authorized participants in a distributed environment without a central management agency to access the network to share and manage potential crime data. Therefore, it could be relatively safe from malicious internal attackers compared to the existing client/server model.

Digital Forensic Indicators of Compromise Format(DFIOC) and Its Application (디지털 포렌식 기반의 침해 지표 포맷 개발 및 활용 방안)

  • Lee, Min Wook;Yoon, Jong Seong;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.4 / pp.95-102 / 2016
  • Computer security incidents such as confidential information leaks and data destruction are constantly growing and are becoming a threat to information in digital devices. To respond to such incidents, digital forensic techniques are also developing to help digital incident investigation. With the development of digital forensic technology, a variety of forensic artifacts have been developed to trace the behavior of users. Also, a diversity of forensic tools have been developed to extract information from forensic artifacts. However, there is an issue that information from forensic tools has its own forms. To solve this problem, it needs to process data when it is output from forensic tools. Then it needs to compare and analyze processed data to identify how data is related to each other and interpret the implications. To reach this, it calls for an effective method to store and output data in the course of data processing. This paper aims to propose DFIOC (Digital Forensic Indicators Of Compromise) that is capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is an XML based format, provides "Evidence" to represent various forensic artifacts in the incident investigation. Furthermore, it provides "Forensic Analysis" to report forensic analysis results and also gives "Indicator" to investigate the trace of incidence quickly. By logging data into one sheet in DFIOC format for the forensic analysis process, it is capable of avoiding unnecessary data processing. Lastly, since collected information is recorded in a normalized format, data input and output becomes much easier as well as it will be convenient to use for identification of collected information and analysis of data relationship.

The application of digital forensic investigation for response of cyber-crimes (사이버범죄의 대응강화를 위한 디지털 포렌식 수사 활용방안)

  • Oh, Sei-Youen
    • Journal of Digital Convergence / v.13 no.4 / pp.81-87 / 2015
  • This study will show the digital forensic model which fights against cyber-crimes to prepare for various cyber-crimes. The digital forensic model will be more useful for the investigation of cyber-crimes and arresting criminals after researching the uses of the digital forensic model and cyber-crime rates in South Korea. This model conducts the standardized data with various languages by the language support system through the digital forensic analyzer. This model will send the data to law enforcement reviewing whether or not we ought to prove criminal charges. Moreover, law enforcement can access the file system to find out admissibility of evidence. And this model simplifies lawful investigation about additional investigation. The data, which is conducted and saved by the digital forensic system, will be helpful to protect against the future crimes because of the data.

Digital forensic investigation of MongoDB (MongoDB에 대한 디지털 포렌식 조사 기법 연구)

  • Yoon, Jong-Seong;Jung, Doo-Won;Lee, Sang-Jin
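    • Proceedings of the Korea Information Processing Society Conference / 2013.11a / pp.658-661 / 2013
  • Recently, as data has grown larger in volume and increased rapidly, the use of NoSQL DBMSs for big data processing has been increasing. However, compared with existing relational DBMSs, there is almost no research on forensic investigation techniques for NoSQL DBMSs. Therefore, this paper studies digital forensic investigation procedures and techniques for MongoDB, the most actively used NoSQL DBMS.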

Implementation of commercial digital Forensic Marking systems (디지털 추적표시(Forensic Marking) 시스템 개발)

  • Kim, Jong-An;Kim, Jin-Han;Kim, Jong-Heum
    • 한국정보통신설비학회:학술대회논문집 / 2007.08a / pp.142-146 / 2007
  • Digital Rights Management (DRM) technology has been widely used for protecting digital contents over recent years. But the digital contents protected by DRM are vulnerable to various video memory capture programs when DRM packaged contents are decrypted on the consumers' multimedia devices. To make up for this kind of DRM security hole, the Forensic Marking (FM) technology is being deployed into the content protection area. Most leading DRM companies as well as big electronics companies like Thomson and Philips already have commercial FM solutions. Forensic Marking technology uses digital watermarking to insert the user information such as user id, content playing time, etc. into the decrypted and decoded content at the playback time on the consumer devices. When the content containing watermarked user information (Forensic Mark) is illegally captured and distributed over the Internet, the FM detection system takes out the inserted FM from the illegal contents and informs contents service providers of the illegal hacker's information. In this paper the requirements and test conditions are discussed for the commercial Forensic Marking systems.


Digital Investigation First Responder and Preliminary Analyst Requirements (디지털 수사 초동조치 대응인력 및 예비분석관들이 갖추어야 할 요건)

  • James, Joshua Issac;Jang, Yunsik
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.5 / pp.49-54 / 2016
  • As investigations dealing with digital evidence increase, so too does the need for skilled first responders and improved investigation process models. Recently the concept of digital forensic triage and preliminary analysis has been gaining popularity in investigation laboratories. At the same time, however, there has been little focus on specific training needs of first response and preliminary analysts. Instead, many organizations consider these responders to need the same skills as full digital forensic analysts. In this work we describe the 'ideal' digital investigation first responder and preliminary analyst, hardware and software requirements and most importantly, required training.