Patent application number | Description | Published |
20110047130 | METHOD AND APPARATUS FOR COLLECTING EVIDENCE - Method and apparatus for collecting evidence are provided. An exemplary embodiment enhances accuracy and efficiency of collecting evidence by analyzing link information in the target computer and collecting collection target file. And the exemplary embodiment can collect evidence from a target computer as well as from a remote computer through analyzing the link information in the target computer, identifying the path of collection target file and extracting the target file. | 02-24-2011 |
20110055163 | PARTITION RECOVERY METHOD AND APPARATUS - Provided is a technology which searches an unallocated area to quickly extract information on a deleted partition when checking a disk and an evidence image in digital forensic, and adds a recovered partition to a forensic tool as a new partition. For this, the technology has direct access to the sector of a disk or an evidence image which is obtained, limits information search on an unallocated area only to an area satisfying the minimum size in which a partition may be created, changes an LBA-based sector access scheme into a CHS-based sector access scheme, and reads only the sector of a location having the possibility that a boot record exists to search information of a deleted partition, recovering a partition at high speed. | 03-03-2011 |
20110099639 | METHOD AND APPARATUS FOR PREVENTING AUTORUN OF PORTABLE USB STORAGE - Provided is a technology which creates an autorun file that is used in autorun for preventing the autorun of a USB-based portable storage, thereby allowing an arbitrary user or worm virus not to manipulate the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry. | 04-28-2011 |
20110234254 | TERMINAL DISCRIMINATING APPARATUS AND TERMINAL DISCRIMINATING METHOD USING THE SAME - A terminal discriminating apparatus and a terminal discriminating method using the same are provided. The terminal discriminating apparatus includes: a measurement unit for measuring a pull-up voltage and a pull-down voltage of each of candidate terminals to be discriminated; a discriminating unit for comparing the pull-up voltages, pull-down voltages, and the differences between the pull-up voltages and pull-down voltages for the candidate terminals to discriminate the types of the candidate terminals; and an output unit for outputting results of the discrimination of the candidate terminals transferred from the discriminating unit. The types of the candidate terminals can be discriminated by comparing the pull-up voltage, the pull-down voltage, and the differences between the pull-up voltages and the pull-down voltages for the candidate terminals. | 09-29-2011 |
20110239294 | SYSTEM AND METHOD FOR DETECTING MALICIOUS SCRIPT - Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique. | 09-29-2011 |
20110270969 | VIRTUAL SERVER AND METHOD FOR IDENTIFYING ZOMBIE, AND SINKHOLE SERVER AND METHOD FOR INTEGRATEDLY MANAGING ZOMBIE INFORMATION - Provided are a virtual server and method for identifying a zombie, and a sinkhole server and method for integratedly managing zombie information. The virtual server includes an authentication processing module authenticating a host using a CAPTCHA test and providing a cookie to the authenticated host when a web server access request message received from the host does not include a cookie, a cookie value verification module for extracting a cookie value from the web server access request message and verifying the extracted cookie value when the web server access request message includes a cookie, a web page access inducement module for inducing the host to access a web server when the cookie value is verified, and a zombie identification module for blocking access of the host when the cookie value is not verified, and identifying the host as a zombie when the number of blocking operations exceeds a threshold value. | 11-03-2011 |
20110271342 | DEFENSE METHOD AND DEVICE AGAINST INTELLIGENT BOTS USING MASQUERADED VIRTUAL MACHINE INFORMATION - A defense method and device against intelligent bots using masqueraded virtual machine information are provided. The method includes performing global hooking on a virtual machine detection request transmitted by a process, determining, on the basis of pre-stored malicious process information, whether or not, the process transmitting the virtual machine detection request corresponds to a malicious process, and when the process is found to correspond to the malicious process as a result of the determination, determining that the process is generated by the intelligent bot, and returning the masqueraded virtual machine information to the process. | 11-03-2011 |
20110271343 | APPARATUS, SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE - Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code. | 11-03-2011 |