RISS Academic Research Information Service

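      • KCI-listed

        A Study on Decrypting Bianlian Ransomware Through Reverse Engineering

        Cha, Hae-seong; Seo, Seung-hee; Lee, Chang-hoon. Korean Digital Forensics Society, 2023, Journal of Digital Forensics Vol.17 No.3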

        Ransomware damage is steadily increasing both domestically and internationally, and the amount of damage is also on the rise. This study analyzes the characteristics of the latest ransomware, the Bianlian ransomware, in order to develop a decryption tool that counters it effectively. Bianlian uses the hardware-implemented AES 256-CBC (Cipher Block Chaining) algorithm for encryption and uses the Go language's goroutines to seize the system faster than previous ransomware. After the file encryption process, it deletes the ransomware's executable file and zeroes memory, obstructing acquisition of the encryption Key and IV (Initialization Vector). These characteristics significantly increase the possibility of data loss for victims. In this research, we thoroughly analyzed the operating principle and encryption process of Bianlian through reverse engineering. Based on this, we propose a method to detect Bianlian's operation and extract the Key and IV used for encryption from memory to recover the infected files. Experimental results show that the decryption tool developed in this study overcame the limitations of existing tools, which only performed decryption with an already secured Key and IV. By leveraging the characteristics of Bianlian ransomware, the tool also demonstrated a recovery speed three times faster than existing tools, thereby providing an effective countermeasure against ransomware attacks.

      • KCI-listed

        A Study on Remote Collection of Cloud Artifacts from the Smart Home Hey Home Air

        Kim, Ju-eun; Seo, Seung-hee; Cha, Hae-seong; Kim, Yeok; Lee, Chang-hoon. Korean Society for Internet Information, 2022, Journal of Internet Computing and Services Vol.23 No.5

        As the use of Internet of Things (IoT) devices has expanded, the digital forensics coverage of the National Police Agency has expanded to the smart home area. Most existing studies on acquiring smart home platform data have focused on analyzing local data on mobile devices and on network-level analysis. However, on smart home platforms, the data that is meaningful for evidence analysis is mainly stored in cloud storage. Therefore, in this paper, we study how to acquire data stored in the cloud in a Hey Home Air environment by extracting the accessToken of user accounts from the cookie databases of browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Opera, which are recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. The environment in this paper was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, the list of devices used, and motion detection records were collected. Information such as the temperature and humidity at the time of an incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of tampering during the data collection process and, because it uses the API, follows the principles of integrity and reproducibility, which are principles of digital forensics.
