FORENSIC DATA ACQUISITION APPARATUS AND METHOD FOR GUARANTEEING INTEGRITY OF FLASH MEMORY IN SMART DEVICE
    1.
    Patent application (status: in force)

    Publication number: US20170024164A1

    Publication date: 2017-01-26

    Application number: US14930729

    Application date: 2015-11-03

    Abstract: Forensic data acquisition apparatus and method. The forensic data acquisition apparatus according to an embodiment includes a command analysis unit for activating a boot loader and a Universal Serial Bus (USB) module of a smart device and analyzing a format of a flash memory read command based on results of analysis of the boot loader, a partition information analysis unit for analyzing partition information of flash memory in compliance with the flash memory read command, and a data acquisition unit for generating a dump image by dumping data stored in the flash memory based on the flash memory read command and the partition information, and for acquiring forensic data based on the dump image.


    APPARATUS AND METHOD FOR SEARCHING FOR SIMILAR MALICIOUS CODE BASED ON MALICIOUS CODE FEATURE INFORMATION
    2.
    Patent application (status: in force)

    Publication number: US20160072833A1

    Publication date: 2016-03-10

    Application number: US14788831

    Application date: 2015-07-01

    Abstract: An apparatus and method for searching for similar malicious code based on malicious code feature information. The apparatus includes a malicious code registration unit for registering input new malicious code as a new malicious code sample, and extracting and registering detailed information of the new malicious code sample, a malicious code analysis unit for analyzing the detailed information of the new malicious code sample, a malicious code DNA extraction unit for extracting malicious code DNA information including malicious code feature information, a malicious code DNA comparison unit for comparing the extracted malicious code DNA information with malicious code DNA information of prestored malicious code samples, and calculating similarities therebetween, and a similar malicious code search unit for calculating, based on the calculated similarities, all similarities between the new malicious code sample and prestored malicious code samples, and extracting a specific number of malicious code samples.

