Forensic analysis system and method using a virtualization interface
    1.
    Invention publication
    Status: Under substantive examination

    Publication number: KR1020150089698A

    Publication date: 2015-08-05

    Application number: KR1020140010612

    Application date: 2014-01-28

    CPC classification number: G06F21/552 G06F21/53

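    Abstract: The present invention relates to a forensic analysis system and method using a virtualization interface that enables forensic investigation or analysis of a running, live computer system while minimizing changes to that system's information and interference with its operation. According to the forensic analysis system, in a forensic analysis system that performs forensic analysis through the interworking of a computer under investigation and an analysis computer, the computer under investigation may be configured to execute a collection agent installation program stored on the analysis computer and to transmit the information to be analyzed at the request of the analysis computer.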

Forensic document filter apparatus and method using object information extraction
    2.
    Invention publication
    Status: Under substantive examination

    Publication number: KR1020150086861A

    Publication date: 2015-07-29

    Application number: KR1020140006989

    Application date: 2014-01-21

    CPC classification number: G06F17/30129 G06F17/2217 G06F17/30115

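    Abstract: The present invention relates to a forensic document filter apparatus that extracts text information not only from the text area of a document but also from its object area. The apparatus may include: a file system configuration unit that configures a digital forensic image as a file system; a deleted file recovery unit that scans the digital forensic image configured as the file system and recovers deleted files; a file type determination unit that classifies the type of the file; a file extraction unit that, based on the classification by the file type determination unit, extracts metadata, body data, and object information embedded in the body from a document file; and a result conversion unit that converts the encoding so that the results extracted by the file extraction unit are searchable.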

Network-based remote forensic system
    3.
    Invention publication
    Status: Invalid

    Publication number: KR1020110070767A

    Publication date: 2011-06-24

    Application number: KR1020100108730

    Application date: 2010-11-03

    CPC classification number: H04L41/50 H04L67/30 H04N2201/323

    Abstract: PURPOSE: A network-based remote forensic system is provided to easily use evidence data with the accumulation of collected evidence data. CONSTITUTION: One or more remote terminals (240) interlink an evidence device (110) in a remote place. The remote terminal performs forensics on the evidence device with a virtual forensic tool. An investigation center system (200) is connected through a wide area network to the remote terminal. The investigation center system offers the virtual forensic tool. The investigation center system processes the requirement of the remote terminal.


Management system for an internet security platform performing IPsec communication, and management method thereof
    4.
    Invention grant
    Status: Lapsed

    Publication number: KR100412238B1

    Publication date: 2003-12-24

    Application number: KR1020010085779

    Application date: 2001-12-27

    Abstract: PURPOSE: A management system of internet security platform performing IPsec (Internet Protocol security) communication and a management method thereof are provided to control security service, by managing an internet security service and storing interconnection of security service providing related modules in a network as MIB (Management Information Bases) and providing top view as to security service to a security manager. CONSTITUTION: According to the apparatus for managing a host comprising an IPsec engine and security policy and key exchange and a key management server in an internet security platform performing IPsec communication, a web browser interface part (110) provides web access interface environment to access through a web remotely. A web server part (120) enables a user accessing through the web browser interface part to manage the host. A JSP part (130) performs user authentication as to a user accessing through the web server part. A management server part (150) manages the operation of the internet platform according to a management request of the user. A management tool part (160) performs a corresponding management operation as to the internet platform according to the management request by being controlled by the management server part. And an agent part (170) receives and stores information for each management from a host to manage, and performs a corresponding management command using the stored information when the management tool part receives the corresponding management operation command.


Management system for an internet security platform performing IPsec communication, and management method thereof
    5.
    Invention publication
    Status: Lapsed

    Publication number: KR1020030055717A

    Publication date: 2003-07-04

    Application number: KR1020010085779

    Application date: 2001-12-27

    CPC classification number: H04L63/20 H04L43/04 H04L63/0485 H04L63/06 H04L63/08

    Abstract: PURPOSE: A management system of internet security platform performing IPsec (Internet Protocol security) communication and a management method thereof are provided to control security service, by managing an internet security service and storing interconnection of security service providing related modules in a network as MIB (Management Information Bases) and providing top view as to security service to a security manager. CONSTITUTION: According to the apparatus for managing a host comprising an IPsec engine and security policy and key exchange and a key management server in an internet security platform performing IPsec communication, a web browser interface part (110) provides web access interface environment to access through a web remotely. A web server part (120) enables a user accessing through the web browser interface part to manage the host. A JSP part (130) performs user authentication as to a user accessing through the web server part. A management server part (150) manages the operation of the internet platform according to a management request of the user. A management tool part (160) performs a corresponding management operation as to the internet platform according to the management request by being controlled by the management server part. And an agent part (170) receives and stores information for each management from a host to manage, and performs a corresponding management command using the stored information when the management tool part receives the corresponding management operation command.


Forensic document filter apparatus and method for a smart device
    6.
    Invention publication
    Status: Under substantive examination

    Publication number: KR1020140075393A

    Publication date: 2014-06-19

    Application number: KR1020120143686

    Application date: 2012-12-11

    CPC classification number: G06F17/30011 G06F17/301

    Abstract: In the extraction and analysis of a forensic evidence document of a digital forensic system using a smart device, the present invention provides the convenience of an investigation by collecting and analyzing digital evidences in a crime scene in real time by extracting document information by directly performing the forensic analysis of the evidence document below a reference capacity by dividing a file size in the smart device or performing a forensic analysis by transmitting the evidence document exceeding the reference capacity to a remote server.


Forensic indexing method and apparatus using distributed processing
    7.
    Invention publication
    Status: Invalid

    Publication number: KR1020130049111A

    Publication date: 2013-05-13

    Application number: KR1020110114168

    Application date: 2011-11-03

    CPC classification number: G06F17/30312

    Abstract: PURPOSE: A forensic index method using distribution processing and a device thereof are provided to increase or decrease used resources corresponding to the amount of analyzed data, thereby implementing performance adjustment. CONSTITUTION: A division object data management unit (100) generates division object data by dividing indexing object data corresponding to division setting. A division index data generation unit (200) assigns the division object data to data processing units corresponding to the division setting. The division index data generation unit extracts an index by filtering the division object data. The division index data generation unit generates division index data including the index. An index database management unit (300) generates index database by merging the division index data. [Reference numerals] (100) Division object data management unit; (200) Division index data generation unit; (210, CC) Distribution storage unit; (230, DD) Filtering unit; (250, EE) Index extraction unit; (270, FF) Division index data generation unit; (300) Index database management unit; (AA) First data processing unit; (BB) n-th data processing unit


Method for analyzing data collected over the internet and converting it into evidence, and data analysis and evidence system using the same
    8.
    Invention publication
    Status: In force

    Publication number: KR1020120044002A

    Publication date: 2012-05-07

    Application number: KR1020100105346

    Application date: 2010-10-27

    CPC classification number: G06F17/30864

    Abstract: PURPOSE: A method for analyzing and validating data which are collected through the internet and a system thereof are provided to generate an index database for a webpage that a user visits and web mail content and search online data in real time. CONSTITUTION: An online data forensic server (210) collects and analyzes usage history information from a target device for data collection. The online data forensic server downloads and collects data in the Internet based on the usage history information and requests and receives a timing check token for the collected data. A timing check token issuing server (220) issues a timing check token for the collected data and provides the timing check token to the online data forensic server.


Apparatus and method for index management of evidence images in a digital forensic system
    9.
    Invention grant
    Status: Lapsed

    Publication number: KR101082024B1

    Publication date: 2011-11-10

    Application number: KR1020090021690

    Application date: 2009-03-13

    Inventor: 조수형 홍도원

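    Abstract: This relates to index management technology for evidence images in a digital forensic system. The index management apparatus includes: an indexing unit including a restoration unit that restores an evidence image into digital data with a file system structure, a document number dictionary management unit that assigns a unique document number to each of the files belonging to the restored digital data and manages them as a document number dictionary, and an index execution unit that extracts index terms from the files of the restored digital data and, for each extracted index term, designates the document number assigned to the file to which the index term belongs; an index storage unit in which the index information, with document numbers designated per index term by the indexing unit, is stored; and an index term search unit that refers to the index database to identify the document number designated for the index term to be searched, and then refers to the document number dictionary with the identified document number to retrieve the corresponding file.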

Apparatus and method for applying intrusion blocking policy on a router hardware platform
    10.
    Invention publication
    Status: Lapsed

    Publication number: KR1020070058311A

    Publication date: 2007-06-08

    Application number: KR1020060108362

    Application date: 2006-11-03

    CPC classification number: H04L63/0263 H04L63/0236

    Abstract: An intrusion blocking policy enforcement apparatus in a router hardware platform and a method thereof are provided to decide whether it is time for newly arranging and enforcing plural intrusion blocking policies, stored in a policy DB, according to priority, therefore fast priority processing and policy enforcement are available. A policy DB (120) stores at least more than one intrusion blocking policy together with related information. A policy server (110) adds or deletes the intrusion blocking policies to or from the policy DB (120). A time controller (130) determines whether to enforce the intrusion blocking policies according to priority by referring to the related information. An intrusion blocking unit (140) blocks intrusion by enforcing the intrusion blocking policies corresponding to determination results of the time controller (130), to data processed by a router hardware platform.

