http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
RISS 인기검색어
- 검색키워드
- 저자 : 조규상 (검색결과 358 건)
- 무료
- 기관 내 무료
- 유료
-
-
-
-
Data Hiding in NTFS Timestamps for Anti-Forensics
조규상 한국인터넷방송통신학회 2016 International Journal of Internet, Broadcasting an Vol.8 No.3
In this paper, we propose a new anti-forensic method for hiding data in the timestamp of a file in the Windows NTFS filesystem. The main idea of the proposed method is to utilize the 16 least significant bits of the 64 bits in the timestamps. The 64-bit timestamp format represents a number of 100-nanosecond intervals, which are small enough to appear in less than a second, and are not commonly displayed with full precision in the Windows Explorer window or the file browsers of forensic tools. This allows them to be manipulated for other purposes. Every file has $STANDARD_INFORMATION and $FILE_NAME attributes, and each attribute has four timestamps respectively, so we can use 16 bytes to hide data. Without any changes in an original timestamp of “year-month-day hour:min:sec” format, we intentionally put manipulated data into the 16 least significant bits, making the existence of the hidden data in the timestamps difficult to uncover or detect. We demonstrated the applicability and feasibility of the proposed method with a test case.
-
윈도우즈 파일시스템에서 파일명령 구별을 위한 디지털 포렌식 방법
조규상 보안공학연구지원센터(JSE) 2015 보안공학연구논문지 Vol.12 No.4
이 논문에서는 윈도우즈 NTFS 파일시스템에서 파일명령을 구분할 수 있는 새로운 디지털 포렌식 방법을 제안한다. 제안한 방법은 파일명령을 수행할 때 타임스탬프의 변화가 생기는 것을 이용하여 어떤 파일명령이 실행되었는지 구분하는 기능을 수행한다. 이것을 구현하기 위하여 TCC & CC(Timestamp Change Check & Code Conversion) 함수, B2D(Binary to Decimal) 변환함수, FDD(Forensic Decision Decoder) 함수 등의 3가지 함수를 구현한다. TCC & CC는 $SI와 $FN 속성에 들어 있는 각 4개씩 모두 8개의 타임스탬프의 변화에 대해 각각 2비트를 할당하여 전체 16비트 코드 를 만드는 기능을 하고, B2D변환 함수는 이것을 10진수로 변환하여 해당 값을 FDD 함수에 입력하여 디코드된 포렌식을 위한 출력값을 만든다. 제안된 방법을 파일생성, 파일복사, 파일덮어쓰기-소스남김 사례에 적용하여 타임스탬프의 변화에 의해서 어떤 파일명령이 수행되었는지 구분한 결과를 보이기 로 한다. This research proposes a new digital forensic method for a distinction of file commands in Windows NTFS file system. The proposed method is to distinct what command is executed only by comparing timestamp change pattern before and after a file command execution. The proposed method is composed of three parts, i.e. TCC & CC(Timestamp Change Check & Code Conversion) function, B2D(Binary to Decimal) conversion function, and FDD(Forensic Decision Decoder) function. Each input of the TCC & CC for timestamps of 8 timestamps in $SI and $FN is assigned 2 bits respectively and it produces 16 bit code. The code is converted into a decimal value by the B2D conversion function. The decimal value is decoded into a forensic output by the FDD function. The proposed method gives a forensic way to distinct executed file command. With three forensic cases, i.e. a file creation, a file copy and a file overwrite-a source file left command, the proposed forensic method is verified for its usefulness.
-
고속 DIO(Digital I/O) 시스템의 설계와 제작
조규상,이종운 대한전기학회 2006 전기학회논문지 D Vol.55 No.5(D)
- High speed PC-based DIO(Digital I/O) system that consists of a master device and slave I/O devices is developed. The PCI interfaced master device controls all of serial communications, reducing the load on the CPU to a minimum. The slave device is connected from the master device and another slave device is connected to the slave device, it can repeated to maximum 64 slave devices. The slave device has 3 types I/O mode, such as 16 bits input-only, 16 bits output-only, and 8bits input-output. The master device has 2 rings which can take 64 slaves each. Therefore, total I/O points covered by the master is 2048 points. The slave features 3 types of input/output function interchangeablility by DIP switch settings. Library, application, and device driver software for the DIO system that have a secure and a convenient functionality are developed.
-
Windows 파일시스템의 디렉토리에 대한 디지털 포렌식 분석
조규상,Cho, Gyusang 디지털산업정보학회 2015 디지털산업정보학회논문지 Vol.11 No.2
When we apply file commands on files in a directory, the directory as well as the file suffer changes in timestamps of MFT entry. Based on understanding of these changes, this work provides a digital forensic analysis on the timestamp changes of the directory influenced by execution of file commands. NTFS utilizes B-tree indexing structure for managing efficient storage of a huge number of files and fast lookups, which changes an index tree of the directory index when files are operated by commands. From a digital forensic point of view, we try to understand behaviors of the B-tree indexes and are looking for traces of files to collect information. But it is not easy to analyze the directory index entry when the file commands are executed. And researches on a digital forensic about NTFS directory and B-tree indexing are comparatively rare. Focusing on the fact, we present, in this paper, directory timestamp changes after executing file commands including a creation, a copy, a deletion etc are analyzed and a method for finding forensic evidences of a deletion of directory containing files. With some cases, i.e. examples of file copy and file deletion command, analyses on the problem of timestamp changes of the directory are given and the problem of finding evidences of a deletion of directory containging files are shown.
-
조규상,배우용,주병윤,정진숙 대한비과학회 2013 Journal of rhinology Vol.20 No.2
Hemangioma is the most common vascular disorder. But it occurs very rarely in the paranasal sinus, particularly the maxillary sinus. It is not easily observed unlike that of the nasal cavity. It can be misdiagnosed as other diseases and the massive bleeding may occur during surgery. Therefore thorough preoperative evaluation is needed to prevent the complication such as bleeding occurring during operation. We present a cavernous hemangioma arising from the maxillary sinus combined with nasal polyp in a 14-year-old woman with the literature review.
-
-
연관 검색어 추천
이 검색어로 많이 본 자료
활용도 높은 자료
