The Experts below are selected from a list of 42 Experts worldwide ranked by ideXlab platform
Sangjin Lee - One of the best experts on this subject based on the ideXlab platform.
-
the method of recovery for deleted record in the Unallocated Space of sqlite database
Information Security and Cryptology, 2011Co-Authors: Sangjun Jeon, Keunduck Byun, Jewan Bang, Guengi Lee, Sangjin LeeAbstract:SQLite is a small sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery Tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.
-
determinant whether the data fragment in Unallocated Space is compressed or not and decompressing of compressed data fragment
Information Security and Cryptology, 2008Co-Authors: Bora Park, Sangjin LeeAbstract:It is meaningful to investigate data in Unallocated Space because we can investigate the deleted data. However the data in Unallocated Space is formed to fragmented and it cannot be read by application in most cases. Especially in case of being compressed or encrypted, the data is more difficult to be read. If the fragmented data is encrypted and damaged, it is almost impossible to be read. If the fragmented data is compressed and damaged, it is very difficult to be read but we can read and interpret it sometimes. Therefore if the computer forensic investigator wants to investigate data in Unallocated Space, formal work of determining the data is encrypted of compressed and decompressing the damaged compressed data. In this paper, I suggest the method of analyzing data in Unallocated Space from a viewpoint of computer forensics.
Xiaodong Lin - One of the best experts on this subject based on the ideXlab platform.
-
a novel forensics analysis method for evidence extraction from Unallocated Space
Forensics in Telecommunications Information and Multimedia, 2010Co-Authors: Zhenxing Lei, Theodora Dule, Xiaodong LinAbstract:Computer forensics has become a vital tool in providing evidence in investigations of computer misuse, attacks against computer systems and more traditional crimes like money laundering and fraud where digital devices are involved. Investigators frequently perform preliminary analysis at the crime scene on these suspect devices to determine the existence of target files like child pornography. Hence, it is crucial to design a tool which is portable and which can perform efficient preliminary analysis. In this paper, we adopt the Space efficient data structure of fingerprint hash table for storing the massive forensic data from law enforcement databases in a flash drive and utilize hash trees for fast searches. Then, we apply group testing to identify the fragmentation points of fragmented files and the starting cluster of the next fragment based on statistics on the gap between the fragments.
Bora Park - One of the best experts on this subject based on the ideXlab platform.
-
determinant whether the data fragment in Unallocated Space is compressed or not and decompressing of compressed data fragment
Information Security and Cryptology, 2008Co-Authors: Bora Park, Sangjin LeeAbstract:It is meaningful to investigate data in Unallocated Space because we can investigate the deleted data. However the data in Unallocated Space is formed to fragmented and it cannot be read by application in most cases. Especially in case of being compressed or encrypted, the data is more difficult to be read. If the fragmented data is encrypted and damaged, it is almost impossible to be read. If the fragmented data is compressed and damaged, it is very difficult to be read but we can read and interpret it sometimes. Therefore if the computer forensic investigator wants to investigate data in Unallocated Space, formal work of determining the data is encrypted of compressed and decompressing the damaged compressed data. In this paper, I suggest the method of analyzing data in Unallocated Space from a viewpoint of computer forensics.
Cezara Craciunescu - One of the best experts on this subject based on the ideXlab platform.
-
examinarea criminalistică a datelor informatice in ancheta penală cyber forensic analysis of data in criminal investigations
Social Science Research Network, 2016Co-Authors: Cezara CraciunescuAbstract:Romanian Abstract: In conformitate cu Codul de Procedură Penală, ca ofițer de poliție, e necesar a interacționa cu probe. O probă este orice element de fapt ce poate fi folosit pentru a afirma sau a infirma ceva in materia procesului penal sau civil. In zilele noastre, datorită tehnicii actuale, impactul criminalității informatice este in creștere, fapt ce dovedește că probele digitale sunt tot mai răspândite in investigațiile curente. In cadrul Laboratorului de examinarea datelor informatice din Inspectoratul General de Poliție - Institutul Național de Criminalistică București se efectuează expertize sau constatări criminalistice ce sunt utilizate ca mijloace de probă in ancheta penală. Prin acest articol, doresc să prezint câteva cazuri / exemple de examinare a datelor informatice de pe diferiți suporți de memorie punând in evidență totodată și articolele incriminatorii. In primul exemplu, prin examinarea datelor informatice de pe hard disk-ul pus la dispoziție, s-au evidențiat posibile probe digitale in anchetarea unui caz de evaziune fiscală (art.9 din Legea 241/2005), iar in al doilea exemplu s-au recuperat date informatice, din spațiul nealocat al unor card-uri de memorie, ca probe intr-o infracțiune de braconaj (art. 42 din Legea 407/2006). In cel de-al treilea exemplu e prezentată modalitatea de a proba infracțiunea de „violare de domiciliu / violarea vieții private” in urma examinării unui dispozitiv de tip microfon GSM. In ultimul exemplu este prezentată metoda prin care se examinează datele informatice dintr-un DVR (Digital Video Recorder) aducându-se lămuriri suplimentare in modul de săvârșire a unei infracțiuni (C.P. art. 32- tentativa, art. 20 – starea de necesitate , art. 174 – săvârșirea infracțiunii, art. 188 - omorul ).English Abstract: In accordance with Criminal Procedure Code as law enforcement officers, is necessary to deal with evidence. The evidence is anything that can be used to prove or disprove something related in the penal/civil process. In our days the impact of cybercrime or computer related crime is growing up, and this reflects that digital evidence within “conventional” investigations is widespread. In the Digital Forensic Laboratory from the General Inspectorate of Romanian Police – National Forensic Science Institute Bucharest are performed digital forensic analysis which are used as evidence in criminal investigations. Through this article, I want to present a few cases / examples examination of digital data stored on different memory media highlighting also the incriminating articles. In the first example, by examining data from a hard disk it was highlighted possible digital evidence in the investigation of a case of tax evasion (Article 9 of Law 241/2005 ) , and in the second example were recovered data from the Unallocated Space of memory cards, as evidence in a crime of poaching (art. 42 of Law 407/2006 ) . In the third example is shown how to prove the crime of “trespassing / privacy violation" after examining a GSM microphone. The latest example is shown a method to examine digital data from a DVR (Digital Video Recorder ) and to bring further clarifications on how it was committed a crime (Penal Code art. 32- tentative , Art. 20 - state of emergency , art . 174 - offense , art. 188 - murder).
Sangjun Jeon - One of the best experts on this subject based on the ideXlab platform.
-
the method of recovery for deleted record in the Unallocated Space of sqlite database
Information Security and Cryptology, 2011Co-Authors: Sangjun Jeon, Keunduck Byun, Jewan Bang, Guengi Lee, Sangjin LeeAbstract:SQLite is a small sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery Tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.
