Hyunji Chung

The Method of Database Server Detection and Investigation in the Enterprise Environment

When a forensic investigation is carried out in the enterprise environment, most of the important data is stored in database servers, and data stored in them are very important elements for a forensic investigation. As for database servers with such data stored, there are over 10 various kinds, such as SQL Server, Mysql and Oracle. All the methods of investigating a database system are important, but this study suggests a single methodology likely to investigate all the database systems while considering the common characteristics of database system. A method of detecting a server, data acquiring and investigating data in the server can be usefully used for such an investigation in the enterprise environment. Therefore, such a methodology will be explained through a way of carrying out a forensic investigation on SQL Server Database of Microsoft Corporation.

Methodology and implementation for tracking the file sharers using BitTorrent

Sharing copyright protected content without the copyright holder’s permission is illegal in many countries. Regardless, the number of illegal file sharing using BitTorrent continues to grow and most of file sharers and downloader are unconcerned legal action to transfer copywrite-protected files. However, it is difficult to gather enough probative evidence to prosecute illegal file sharers in criminal court and/or sued for damages in civil court. Further, there is a lack of research on investigation techniques to reveal illegal BitTorrent sharers. This is because the role of the server in BitTorrent networks has been changed compared to servers in conventional P2P networks. As a result, it is difficult to apply previous investigation processes for investigation of conventional P2P networks to the investigation of suspected illegal file sharing using BitTorrent. This paper proposes a methodology for the investigation of illegal file sharers using BitTorrent networks through the use of a P2P digital investigation process.

Methodology for Digital Forensic Investigation of iCloud

Growth in cloud services is surging around the world as cloud computing rapidly outstrips the projected growth rate for traditional IT products. Cloud service has characteristics that the data is synchronized in real time and could be approached from multiple devices. If the device is connected over network, it could be changed due to syncing service of data. One of the cloud syncing service is iCloud provided from Apple Corporation. Cloud syncing service provides various conveniences to users, but it is difficult to examine by investigators. For example, a suspect could use other devices to modify or delete the data related with the case through cloud storage service. To prevent this situation, this paper proposes new procedure for investigating and analyzing the data of iCloud.

A Study on Edit Order of Text Cells on the MS Excel Files

ABSTRACT Since smart phones or tablet PCs have been widely used recently , the users can create and edit documents anywhere in real time. If the input and edit flows of documents can be traced, it can be used as evidence in digital forensic investigation. The typical document application is the MS(Microsoft) Office. As th e MS Office applications consist of two file formats that Compound Document File Format which had been used from version 97 to 2003 and OOXML(Office Open XML) File Format which has been used from version 2007 to now. The studies on MS Office files were for making a decision whether the file has been tampered or not through detection of concealed items o r analysis of documents properties so far. This paper analyzed the input order of text cells on MS Excel files and shows how t o figure out what cell is the last edited in digital forensic perspective. Keywords: Digital Forensics, MS Excel, Document File Forensics, OOXML Fi le Format, Compound Document File Format접수일(2013년 10월 21일), 수정일(2014년 2월 14일), 게재확정일(2014년 3월 6일)* 이 논문은 2013년도 정부(미래창조과학부)의 재원으로 한국연구재단-공공복지안전사업의 지원을 받아 수행된 연구임(2012M3A2A1051106)†주저자, 2yoonmi@korea.ac.kr‡교신저자, sangjin@korea.ac.kr(Corresponding author)

New feature and SVM based advanced classification of Computer Graphics and Photographic Images

ABSTRACT As modern computer graphics technology has been developed, it i s hard to discriminate computer graphics from photographic images with the naked eye. Advances in graphics technology has brought a lot of convenience to human, it has side effects such as image forgery, malicious edit and fraudulent means. In order to cope with such problems, studies of various algorithms usin g a feature that represents a characteristic of an image has been processed. In this paper, we verify directly the existing algo rithm, and provide new features based a noise that represents the char acteristics of the computer graphics well. And this paper introduces the method of using SVM(Support Vector Machine) with features proposed in previous research to improve the discrimination accuracy.Keywords: JPEG, Computer graphics, Photographic images, Features, SVM접수일(2013년 8월 1일), 수정일(1차: 2013년 12월 31일, 2차: 2014년 3월 21일), 게재확정일(2014년 3월 21일)* 이 논문은 2013년도 정부(미래창조과학부)의 재원으로 한국연구재단-공공복지안전사업의 지원을 받아 수행된 연구임(2012M3A2A1051106)†주저자, dwjung77@gmail.com‡교신저자, sangjin@korea.ac.kr(Corresponding author)

A framework of management for preventing illegal distribution of pdf bookscan file

Since various smart devices are being developed, a growing number of people are reading eBooks instead of paper books. However, people started making eBooks on their own by scanning paper books because there are not enough eBooks provided from market. The term Bookscan was made with this reason. The number of bookscan company is increasing because the equipment is too expensive. However, the commercial activity of bookscan company is against copyright law. Also bookscan files are in danger of being illegally distributed on web, because bookscan companies are not protecting copyright. Publication market follows the same procedure with sound market which was collapsed due to copyright problem. Therefore, the technical methods should be prepared for law system against bookscan. The previous ICOP(Illegal Copyrights Obstruction Program) system has been applied to sound and movie files, but not applied to publication. This paper suggests the framework for bookscan file management based on practical mechanism.

Methodology for Digital Investigation of Illegal Sharing Using BitTorrent

In these days, a number of illegal file sharers using BitTorrent increase. Sharing copyrighted files without copyright holder’s permission is illegal, so they must be punished. However, it is difficult to find appropriate digital evidences and legal basis to punish them. This paper proposes the methodology about punishing illegal sharer using BitTorrent by suggesting the digital investigation framework. This framework consists of two parts. The first part is acquisition of data on network. In process of network analysis, the methodology to acquire and classify information about peers by analyzing packets is suggested. The second part is acquisition and analysis of data from suspect’s PC. In process of suspects’ PC analysis, the methodology to acquire meaningful evidences by finding traces of file sharing on suspects’ PC is suggested.

Forensic Analysis of Residual Information in Adobe PDF Files

In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.