Drone Forensics
(Drone Forensics Team) .. Week Demo
Content 1

Embedded Device Forensics
Consent-Based Mobile Data Collection
Content 1
OS Log Analysis
iOS Sysdiagnose
Intelligent Framework for Automated Digital Trace Analysis
iOS Sysdiagnose serves as a comprehensive diagnostic bundle containing unified logs, power events, and process histories that capture every aspect of device operation. Traditionally, mobile forensics relied on privilege escalation or zero-day vulnerabilities to extract evidence, but such approaches are increasingly infeasible on hardened systems. SIREN (Sysdiagnose Intelligence & Report ENgine) introduces a novel forensic framework that reconstructs user behavior directly from system-level logs—without exploiting vulnerabilities. By correlating logarchive and Powerlog datasets, SIREN systematically normalizes temporal inconsistencies and rebuilds event sequences such as app usage, camera activity, battery patterns, and network transmissions.
The framework integrates 15 analysis modules and an LLM-based report generator that summarizes findings across thousands of raw entries into structured, human-readable evidence. In evaluations, SIREN successfully reconstructed behavioral timelines in cases of data exfiltration, cyberstalking, and identity theft, reducing manual analysis time from days to minutes. This work demonstrates a significant advancement in iOS digital forensics by establishing reliable, reproducible evidence acquisition through system logs—enhancing both efficiency and evidential integrity.
Maritime Equipment
Content 2
Analysis of Embedded Device Firmware
Firmware Knowledge Base for Security and Forensics (Firmbase)
This system is an end-to-end pipeline that structurally collects, reconstructs, and analyzes firmware to automatically discover known vulnerabilities. It first gathers firmware metadata from multiple sources (download links, versions, etc.), detects and decrypts encrypted images by recognizing structural patterns and signature markers, and then identifies and parses the firmware’s file systems (e.g., UBIFS, JFFS2, SquashFS, ext4). The pipeline extracts all files and isolates unidentified regions for further analysis.
Next, the system performs deep binary analysis to extract executable-level features and inter-binary dependencies, and derives vendor/product/version metadata from those results. These artifacts are normalized and matched against a curated vulnerability knowledge base (VulBase) that links CPEs, CVEs, and Exploit-DB entries; matches are categorized by confidence (strong / medium / weak). Outputs, including a Firmware Bill of Materials (FBOM) and prioritized vulnerability matches, are designed for immediate use in risk triage, forensic investigations, and patch prioritization, and the modular architecture allows easy extension and integration with other collection and analysis tools.
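The confidence-tiered matching step described above, as an added illustration that is not Firmbase's own code: it assumes a simple vendor/product/version record for each binary and a knowledge-base record per CPE identity, and the strong/medium/weak rules below are an assumption about how such tiers might be defined, not the project's definition.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    vendor: str   # None when the vendor could not be derived from the binary
    product: str
    version: str  # None when no version string was recovered

@dataclass(frozen=True)
class VulnEntry:
    """Knowledge-base record: CPE-style identity plus the CVEs tied to it."""
    vendor: str
    product: str
    versions: tuple  # version strings the CPE configuration lists as affected
    cves: tuple

def _norm(value):
    # Case and separator differences must not break identifier comparison
    return value.strip().lower().replace("-", "_") if value else None

def confidence(comp, entry):
    """strong: vendor, product, version agree; medium: vendor+product agree, no
    version recovered; weak: product agrees but vendor unknown or version unlisted."""
    if _norm(comp.product) != _norm(entry.product):
        return None
    vendor_ok = _norm(comp.vendor) == _norm(entry.vendor)
    if comp.vendor is not None and not vendor_ok:
        return None  # same product name under another vendor: different software
    if vendor_ok and comp.version is None:
        return "medium"
    if vendor_ok and _norm(comp.version) in [_norm(v) for v in entry.versions]:
        return "strong"
    return "weak"

def match_components(components, vulbase):
    """Map each component to its (confidence, CVE) hits, strongest tier first."""
    report = {}
    for comp in components:
        hits = {(t, cve) for e in vulbase if (t := confidence(comp, e)) for cve in e.cves}
        report[comp] = sorted(hits, key=lambda h: (("strong", "medium", "weak").index(h[0]), h[1]))
    return report

def demo_report():
    # Constructed sample data: fictional vendors/products, placeholder CVE ids
    vulbase = [VulnEntry("acme", "netcam_httpd", ("2.1.0", "2.1.1"), ("CVE-EXAMPLE-0001",)),
               VulnEntry("acme", "upnp_daemon", ("1.0",), ("CVE-EXAMPLE-0002",)),
               VulnEntry("other", "netcam_httpd", ("9.9",), ("CVE-EXAMPLE-0003",))]
    comps = [Component("acme", "netcam_httpd", "2.1.1"), Component("acme", "upnp_daemon", None),
             Component(None, "netcam_httpd", "3.0"), Component("ACME", "netcam-httpd", "2.0.0")]
    return match_components(comps, vulbase)
```

Weak hits are kept rather than dropped because a missing vendor string or an incomplete affected-version list in the knowledge base is common for firmware binaries; the tier tells the analyst how much manual confirmation the match still needs.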

Operating System Forensics
Built-in Anti-Forensic Features in Operating Systems on Forensic Artifacts
Modern operating systems incorporate various automated functions designed to optimize storage efficiency and enhance overall system performance. While these mechanisms improve operational convenience and resource management, they may, under certain conditions, modify or remove data and artifacts without user intervention, thereby acting as potential anti-forensic elements from a digital investigation perspective.
Our study examines the impact of such built-in automation mechanisms on forensic artifacts and explores the extent to which they may operate as unintentional anti-forensic functions. To this end, we perform reverse engineering and structural analysis of relevant system components to understand their internal behavior and identify potential pathways through which forensic artifacts may be affected.
Furthermore, our study discusses the challenges associated with distinguishing between system-initiated artifact removal and deliberate evidence tampering by a user, as well as the interpretive difficulties encountered in forensic investigations under such conditions. Based on these observations, we highlight forensic perspectives and response strategies that account for system-driven automation characteristics.