An Explosion In Digital Evidence Coming Thanks To IoT And 5G: HancomGMD

New IoT devices with cameras, 5G, and AI analytics coming in 2019 will change the digital forensic landscape forever, says HancomGMD.

In late 2016, South Korea was rocked by one of the biggest political corruption scandals in its history, which eventually led to former President Park Geun-hye being impeached and jailed.

A special prosecutor was elected to proceed with the slew of bribery charges.

By law, investigators had a limited number of days to investigate and prosecute. They had confiscated several hundred smartphones as evidence, along with more in the form of notebooks and desktops, from suspects, and needed to analyze tens of thousands of phone records and chat messages under a tight deadline. A single piece of evidence from any one of them could have been the smoking gun needed for a successful indictment.



HancomGMD, South Korea's largest digital forensics research group

The prosecutors called on HancomGMD, South Korea’s largest digital forensics firm, to analyze the smartphones, and the company sent five of its top experts. The team successfully analyzed all of the data in the confiscated smartphones; not only that, among the data extracted was crucial evidence that helped the prosecutors successfully indict and jail some of the country’s most powerful politicians.

“It was a special case not just because of the national attention it received but the deadline,” said Jessy Jun, managing director and team leader of HancomGMD’s forensic business. “You need a team that can recover and analyze data from multiple devices quickly and correctly.”

SMARTPHONE: THE RISE OF DIGITAL FORENSICS
To say smartphones have changed the digital forensic landscape is an understatement. The device has become the core of every criminal investigation and helped propel digital forensics as a serious, scientific investigation tool.

“Today, mobile forensics accounts for over 80 percent of the total digital forensics that global investigators are performing,” said Jun.

A single smartphone contains contacts, memos, call records, text messages, instant messages, pictures, videos, and GPS data of a person. An investigator’s dream it seems, but not quite. Smartphones have strengthened security over the years to include data encryption and strong authentication.

People also change their phones, on average, every two years and there are constant updates to apps and operating systems.

“You need to keep up with the pace of changes in the smartphone to analyze their data correctly,” said the managing director.

“For instance, in criminal cases, a lot of the time, you have to find a suspect’s old phone and decipher that data to fully understand the context of the data found in his or her more recent phone. And most of the data is incomplete by itself, so you need to contextualize it with other data you have collected,” he said.

“As a digital forensic team, you need a wealth of experience and a lot of registered devices on your database to fully extract data.”

MD-LIVE, Mobile forensic software for on-the-spot investigation on mobile device evidence

The myriad of data types in smartphones has also made digital forensics challenging – images need to be converted to text, and vice versa. New techniques have also been developed to recover data without damaging the integrity of smartphones.

The company’s MD-LIVE program performs “selective and live acquisition” to gather evidence at the crime scene. This is important as smartphones are evidence that needs to be safely returned after an investigation.

Drowned phones are the company’s staple: the company can extract the damaged hardware, clean it, move the data to its own storage, and restore it.

Recovering data from a seawater-drowned smartphone with noticeable damage

HancomGMD has been assisting South Korean investigators since 2005 and has been involved with some 150 major investigation agencies locally and globally.

One of them included extracting data from a Samsung phone owned by a suspected terrorist. Another famous case was a notorious one in 2016 when a newborn baby died.

HancomGMD extracted the data from phones of the hospital staff which proved that the doctor who claimed they oversaw the birth was not present and instead had only nurses oversee the procedure.

“We now have over 15,000 registered smartphones and tablets by different manufacturers; we have over 900 apps,” said Jun.

IoT AND 5G: THE EXPLOSION OF DIGITAL EVIDENCE
5G is expected to be commercialized early this year. This will be a further catalyst for growth in digital evidence. Already, data is being saved through smart home services such as home security and pet monitoring. Drones and autonomous vehicles are producing new multimedia data each day. CCTV, DVRs, and black boxes in cars among other Internet of Things (IoT) devices are increasingly becoming more sophisticated.

There will be an explosion of data, and digital forensics is evolving further to meet that demand, says Jun.

MD-VIDEO, Video forensic software for preview, recovery, and analysis of video data

“Videos are becoming increasingly high resolution and there are a variety of codecs being developed and used. In CCTV, each manufacturer uses a different media format to save data. The time it takes to recover and analyze data is increasing; there is a demand for accelerating recovery by high-performance hardware,” the managing director said.

“For investigators, they now have to consider every peripheral device besides the smartphones for evidence. This is a challenge, but it is also a great opportunity.”

Data saved on IoT devices is also stored via gateways on the cloud; this data is in turn viewed again by consumers, usually through their mobile devices.


MD-CLOUD, Cloud forensic software for extraction and analysis of cloud data

“Any one of these data intersections can be the subject of forensics; the more routes data takes, the higher the possibility to recover that data,” Jun added.

HancomGMD is planning to launch a new product that recovers data from the cloud, though privacy regulations in each country are expected to be a challenge to overcome.

Autonomous vehicles are also a big opportunity.

“Already we are saving navigation data, driving history, and various data from services that link the car to smartphones. Now we will have sensor data and video data around the cars as well. Autonomous cars will be a centerpiece for digital forensics that will help solve a lot of crimes,” said Jun.

Drones are also of increased interest in digital forensics; HancomGMD has hosted classes for investigators that explain its techniques for investigating shot-down drones by analyzing wind velocity and their course. It already has over 10 drones, including those made by DJI and other major manufacturers, in its database.

HancomGMD has over 15,000 smartphones and tablets by different manufacturers registered in its database; it plans to add more AI speakers, smart TVs, and drones in 2019.

AI, BIG DATA ANALYTICS
The explosion of digital evidence through the rise of 5G and IoT presents another problem, which is how to analyze the immense amount of accumulated data.

“Smartphone forensic market will continue to rise. Drones, vehicles and other IoT devices will further increase uptake for digital. In other words, there is just too much data and too little time for an investigator,” the managing director said.

“And more and bigger data analytics that sort all this data out will be accepted as a scientific investigative method used by investigators.”

Keyword search is obviously available already for texts, but more analytics tools are expected to be developed for video.

MD-RED, Data analysis software for recovery, decryption, visualization and reporting evidence data from mobile and digital devices

“We are adding detection summary for our video recovery programs. Next will be adding object detection such as face and car plate numbers: users will input, in a text, the name of the object and the program will search for the correct target among the available data,” he said.

HancomGMD already offers visual guides, such as “Social relationship graphs”, for investigators to put crimes into context. By analyzing the complete set of available communication data involved in a crime, the company can draw a map that shows the social relationships between the suspects involved, along with the type and amount of data they exchanged.

"We are already present in 10 countries globally and will meet this growing uptake for digital forensics to expand to 30 countries within three years," said Jun. "Mobile forensics will just get bigger and bigger."
