원격공동분석 모델이 디지털포렌식 생산성에 미치는 영향연구
A Study on the Online Co-work Analysis Model Affecting Digital Forensics Performance
- 주제(키워드) 디지털포렌식 , Digital Forensics , Online Co-work Analysis , 원격공동분석
- 발행기관 아주대학교
- 지도교수 임성열
- 발행년도 2009
- 학위수여년월 2009. 8
- 학위명 석사
- 학과 및 전공 정보통신대학원 정보시스템관리
- 실제URI http://www.dcollection.net/handler/ajou/000000010247
- 본문언어 한국어
- 저작권 아주대학교 논문은 저작권에 의해 보호받습니다.
초록/요약
유비쿼터스로 대표되는 현대의 비즈니스는 표준화와 통합화로써 변화의 트렌드를 주도하고 있다. 현대 사회의 주요한 이슈는 개별 비즈니스에 대한 비즈니스 무결성(Integrity) 또는 책임추적성(Accountability) 유지방안이 될 것이며, 이미 정부는 “정보시스템의 효율적 도입 및 운영등에 관한 법률”을 공표하여 정보시스템감리를 위한 기반을 마련해 운영 중이다. 디지털세상으로의 변화는 범죄수사 분야에도 영향을 미치고 있다. 디지털포렌식 수요는 컴퓨터범죄에 국한되지 않고 강력범죄, 경제범죄, 보안․외사범죄 등 모든 범죄수사 분야로 확대되고 있다. 최근 한국의 ○○도 지역 경찰관서에서 압수한 12만건의 디지털매체 중 디지털증거분석 의뢰한 것은 고작 0.5%에 해당하는 640 여건뿐이었다. 먼 미래가 아닌 현 시점에도 약 200배 가량의 분석수요가 더 잠재되어 있다는 점은 놀라운 사실이다. 포렌식 결과에 대한 질적요구 수준도 높아지고 있다. 법원은 더 높은 신뢰수준의 분석결과를 요구하고 있다. 범죄자들은 새로운 범죄수법과 증거인멸 방법을 연구하고 있어 수사현장 실무자들은 실시간의 분석결과를 요구하고 있다. 마치 실시간 기업경영(Real-Time-Enterprise)의 이슈와 맥락을 같이 하는 것이다. 하지만, 현행 한국경찰의 디지털포렌식 조직 구조하에서는 분석관 개인의 경험과 지식에 의존하고 있어 모든 분야의 전문성을 기대하기 곤란한 문제점이 있다. 아무리 우수한 분석관이라고 할지라도 모든 정보통신분야의 전문지식과 형사소송 법률체계 및 수사실무 경험을 고루 겸비할 것을 기대하기 곤란하기 때문이다. 전문성 부족은 분석결과의 오류와 직결되어 억울한 피의자가 발생하거나 중요한 증거를 유실하여 결국 실체적 진실을 밝히지 못하게 된다. 이렇듯 디지털포렌식 분야에는 수요의 급증, 실시간분석 필요성, 엄격한 법률적 신뢰수준 부담, 전문지식 공유부족 등과 같은 위기가 도래하였다. 이러한 디지털포렌식 분야의 위기를 해결하기 위해서 분야별 전문가들이 참여하는 “다자간 원격공동분석시스템”을 제안한다. 제안모델은 증거수집 및 증거분석 단계에서 해당분야 전문가가 원격제어 기능을 이용하여 협력 지원을 할 수 있는 방법이다. 피터 드러커는 “지식경영이란 조직구성원 개개인의 지식이나 노하우를 체계적으로 발굴하여 조직내 보편적인 것으로 공유함으로써, 조직 전체의 문제 해결능력과 기업가치를 비약적으로 향상시키는 경영방식” 이라고 하였다. 본 연구에서는 제안모델을 적용하였을 경우 디지털포렌식의 생산성과 무결성에 미치는 영향을 연구한 결과, 분야별 전문가들이 상호간 전문지식과 숙련된 경험을 공유하게 되면 디지털포렌식의 정확성, 객관성, 신속성 등 3대 생산성 향상에 영향을 주고, 이를 통해 표준절차 준수 기회도 늘게 되어 결국 무결성도 향상 될 수 있다는 가능성을 확인하였다.
more초록/요약
New trend called ubiquitous leads the recent business by standardization and integration. It should be the main issue how to guarantee the Integration and accountability on each business. The ubiquitous surroundings bring the change in the field of criminal investigation. The needs of digital forensics are increasing on every crime scene not just on computer crime. The court ask for more accurately analysed results. Investigators in the crime scene need real-time analysis for against the crime armed with new technology. It seems to be needs of Real-Time-Enterprise on business. Digital forensic system in present status depends on know-how of each investigator and is hard to expect professional analysis on every field. I set up a hypothesis "Co-working of professional investigators on each field will rise Performance and Integrity" and suggest "Online co-work analysis model." At the conclusion, it proved the statistical research that is performed by forensic specialists.
more목차
제1장 서 론 ························································································ 1
제1절 연구 배경 ············································································· 1
제2절 연구 목적 및 방법 ······························································ 4
제2장 디지털포렌식의 한계와 대안이론 고찰 ····························· 6
제1절 현행 디지털포렌식의 한계 ··············································· 6
1. 디지털 포렌식의 범위 ··························································· 6
2. 디지털 포렌식 유형 ······························································· 6
3. 단독분석 방식의 한계 ··························································· 8
가. 표준절차 준수 미흡 ························································· 8
나. 정확성 결여 ······································································ 9
다. 신속성 저하 ······································································ 9
라. 객관성 부족 ······································································ 9
4. 사례 연구 ··············································································· 10
제2절 다자간 협업체제의 발전 ················································ 11
1. 화상회의 시스템 ·································································· 12
2. 원격제어 ··············································································· 12
3. 원격진료 ··············································································· 13
4. IPTV 기술 ············································································· 14
5. 원격지원 기술의 기타 활용분야 ······································· 14
제3절 정보보호 관리체계와 국내외 표준 고찰 ····················· 15
1. ISO 27001의 ISMS 인증기준 ············································ 16
2. KISA의 정보보호관리체계 인증기준 ······························ 19
3. NCSC 국가사이버안전매뉴얼 ········································· 23
4. 증거수집과정의 법률적 프라이버시 보장 ····················· 26
제3장 다자간 원격 공동분석 모델 제안 ··································· 29
제1절 제안모델 ········································································· 29
1. 범위 ····················································································· 29
2. 원격공동분석 진행 방법 ·················································· 30
3. 원격공동분석에 필요한 인프라 ······································ 31
4. 추진상 제약사항 ······························································· 33
제2절 제안모델의 무결성 유지방안 ··································· 34
1. 디지털포렌식 절차의 전통적 특수성 ·························· 35
가. 원본동일성 유지측면 ················································ 35
나. 분석방법의 무결성 측면 ··········································· 36
다. 개인정보 보호측면 ···················································· 38
라. 서비스 적시성 측면 ··················································· 38
2. 원격공동 분석의 무결성 유지방안 ······························ 39
제3절 연구모형의 설계 ························································ 43
1. 연구모형 ········································································· 43
2. 조사 방법과 표본집단 ··················································· 45
제4절 연구모형의 검증 ······················································· 45
1. 신뢰성 분석 ··································································· 45
2. 가설의 검증 ··································································· 49
제4장 결 론 ·············································································· 58
제1절 연구결과 ···································································· 58
제2절 제약사항 및 향후 연구과제 ···································· 59
참고문헌 ··················································································· 61
부 록
#1. 디지털증거분석 사례 7건 ············································ 64
#2. 설문지 ············································································· 71
#3. KISA의 정보보호관리 세부통제사항 ························· 78
ABSTRACT ············································································· 90
목차
표 목 차
[표 2-1] 경찰청에서 분류한 디지털포렌식 유형 ········ 7
[표 2-2] 표준절차를 준수하기 어려운 이유················· 8
[표 2-3] 디지털증거 분석 사례 ······································10
[표 2-4] 국내외 주요정보보호 점검지표 비교 ·············15
[표 2-5] ISO 27001의 보안 프레임워크 점검 항목 ······16
[표 2-6] KISA 정보보호관리 체계 인증기준 ··············· 20
[표 2-7] 국가사이버안전매뉴얼의 체크리스트 ··········· 23
[표 2-9] 전자기록 등 증거수집과정의 프라이버시 보장 관련 법규 ·························································································· 27
[표 3-1] 단계별 원격공동분석 과정 ······························· 30
[표 3-2] 원격공동분석에 필요한 장비 ··························· 32
[표 3-3] 디지털포렌식의 특수성을 고려한 주요 보안대책 ············································································································ 39
[표 3-4] 원격공동분석 수행 단계별 정보자산··············· 40
[표 3-5] 원격공동분석 수행 단계별 점검지표 ·············· 42
[표 3-6] 설문조사 문항별 측정내용 ································ 44
[표 3-7] 조직전문성 5개항의 신뢰도 분석결과 ············ 46
[표 3-8] 개인전문석 33개항의 신뢰도 분석결과 ·········· 46
[표 3-9] 기존체제의 생산성 만족도 9개항의 신뢰도 분석결과 ···································································································· 47
[표 3-10] 공동분석 모델의 생산성 3개항의 신뢰도 분석 결과 ······································································································· 48
[표 3-11] 각 측정변수별로 채택된 항목수로 재계산 ····· 48
[표 3-12] 조직의 전문성 지원만족도와 생산성과의 상관관계 ·········································································································· 49
[표 3-13] 개인의 전문성 지원만족도와 생산성과의 상관관계 ··········································································································· 51
[표 3-14] 협력근무환경(동료수)과 생산성과의 상관관계··· 53
[표 3-15] 제안모델의 정확성 만족도 기대감 ······················· 55
[표 3-16] 제안모델의 신속성 만족도 기대감 ······················· 55
[표 3-17] 제안모델의 객관성 만족도 기대감 ······················· 55
[표 3-18] 제안모델의 보안점검 항목별 필요성 의견수렴 결과 ············································································································ 56
목차
그 림 목 차
[그림 1-1 ] 논문의 구성 순서 ·································· 5
[그림 2-1 ] PDCA 모델 16
[그림 2-2 ] 5단계 정보보호 관리과정 ···················· 19
[그림 3-1 ] 원격 공동분석 시스템의 개념도 ··········29
[그림 3-2 ] 원격 공동분석 진행절차 ······················· 31
[그림 3-3 ] ○○지방경찰청 디지털증거분석실 ···· 33
[그림 3-4 ] 무결성 보장 점검지표 유추과정··········· 34
[그림 3-5 ] 연구모형 #1 ············································· 43
[그림 3-6 ] 연구모형 #2 ···············································43
[그림 3-7 ] 조직의 지식공유 환경과 생산성의 관계 ···51
[그림 3-8 ] 협력근무 환경(동료수)과 생산성의 상관관계 ········································································································· 54
