저작자표시 - 비영리 - 변경금지 2.0 대한민국 이용자는아래의조건을따르는경우에한하여자유롭게 이저작물을복제, 배포, 전송, 전시, 공연및방송할수있습니다. 다음과같은조건을따라야합니다 : 저작자표시. 귀하는원저작자를표시하여야합니다. 비영리. 귀하는이저작물을영리목적으로이용할

저작자표시 - 비영리 - 변경금지 2.0 대한민국 이용자는아래의조건을따르는경우에한하여자유롭게 이저작물을복제, 배포, 전송, 전시, 공연및방송할수있습니다. 다음과같은조건을따라야합니다 : 저작자표시. 귀하는원저작자를표시하여야합니다. 비영리. 귀하는이저작물을영리목적으로이용할수없습니다. 변경금지. 귀하는이저작물을개작, 변형또는가공할수없습니다. 귀하는, 이저작물의재이용이나배포의경우, 이저작물에적용된이용허락조건을명확하게나타내어야합니다. 저작권자로부터별도의허가를받으면이러한조건들은적용되지않습니다. 저작권법에따른이용자의권리는위의내용에의하여영향을받지않습니다. 이것은이용허락규약 (Legal Code) 을이해하기쉽게요약한것입니다. Disclaimer

Ι

1) 2) (Electronic evidence) (Digital evidence),.,.

형사소송법제106조 4) ( 압수 ) 1 법원은필요한때에는피고사건과관계가있다고인정할수있는것에한정하여증거물또는몰수할것으로사료하는물건을압수할수있다. 단, 법률에다른규정이있는때에는예외로한다. 2 법원은압수할물건을지정하여소유자, 소지자또는보관자에게제출을명할수있다. 3 법원은압수의목적물이컴퓨터용디스크, 그밖에이와비슷한정보저장매체 ( 이하이항에서 정보저장매체등 이라한다 ) 인경우에는기억된정보의범위를정하여출력하거나복제하여제출받아야한다. 다만, 범위를정하여출력또는복제하는방법이불가능하거나압수의목적을달성하기에현저히곤란하다고인정되는때에는정보저장매체등을압수할수있다. 4 법원은제3항에따라정보를제공받은경우 개인정보보호법 제 2조제3호에따른정보주체에게해당사실을지체없이알려야한다. 3). 4).

5),,. 6),,, (2008). 300. 7) E.Casey, Digital Evidence and Computer Crime, (2004), 12. 8) SWGDE(Scientific Working Group on Digital Evidence,,,,, )

9) IOCE(International Organization of Computer Evidence, ) 10),,, (2006) 11) 3 1 ( 805,2015.7.16.)

12),, (2014) 7. 13), 22. 14) 0 1.

15),,, (2010) 66-67. 16),, 151-152.( )

17) 3,,,,,,. 18) 2004. 3. 23. 2003 126. 19),,, (2015). 301.

20),, 300. 21),, 302.

22) 48 ( ) 1. 1. 2. 3. 2 2. 3,,. 23), -,, (2004)

24),,, (2014). 566 570. 25) 133 (, ) 1,,. 2. 134 ( ). 135 ( ) 3

,,. 136 (, ) 1. 2. 3,. 137 ( ), 81 2,,,,. 138 ( ) 139 ( ). 26) 218 2(, ) 1,,. 2 4

27),, 242-243. 28) 483 ( ).

29) 485 ( ) 1.

30) http://forensic-proof.com/archives/389,(2015.12.28. ).

31),, 43-45.,.

32) IDEASv2.0 ( ),, IDEAS, (2015)

33),,,, (2015.9.3.) 34), - -, 680 (2013.5.), 251.

35), (2015.9.3.)

[ 압수 수색영장별지양식 ] 압수대상및방법의제한 1. 문서에대한압수.,.., 1) ( ) (,, ).. 36) ( :2015.8.1.), 2015.7.28.

. 2. 컴퓨터용디스크등정보저장매체에저장된전자정보에대한압수 수색 검증가. 전자정보의수색 검증,. 나. 전자정보의압수 (1) :. (2) ( ) ( ) - (1), 2),. ( ) 1) ( ) 3),. 2) 1),, 10. ( ) ( ),( ),,. (3) ( ) (1),(2), 1, 2 ( ). ( )

,. ( ) (, ),. 1) 피압수자 - 피의자나변호인, 소유자, 소지자 / 참여인 - 형사소송법제 123 조에정한참여인 2) 1 피압수자등이협조하지않거나, 협조를기대할수없는경우, 2 혐의사실과관련될개연성이있는전자정보가삭제 폐기된정황이발견되는경우, 3 출력 복제에의한집행이피압수자등의영업활동이나사생활의평온을침해하는경우,4 그밖에위각호에준하는경우를말한다. 3) 1 집행현장에서의하드카피 이미징이물리적 기술적으로불가능하거나극히곤란한경우, 2 하드카피 이미징에의한집행이피압수자등의영업활동이나사생활의평온을현저히침해하는경우,3 그밖에위각호에준하는경우를말한다.

37),, Ⅳ-2.. 38),....,,. (2011), 85. 39),, 259-261. 40),. 168-170.

41),. 42),. 177. 43),. E.Casey,, 21.

44), digital evidence -, -,, (2002), 55-56. 45) 1, 2 3, OS, 4 5 USB. 46),, 55.

47),, 266-267.

48)...... 49) 2009 41 (e), ᅟ., 41 (g)

(USCA, FRCrP, Rule 41 2009 Amendments.) 50),.( ).. 51) "Federal Rules of Evidence".

52),,, (2010) 283. 53),, 43 (2014.6.), 148. 54),, 142.

55),, 47-62. 56),,, (2007) 57), 1 ( ) ( 身上記錄, personal records), 2 ( 水液 ), 3 (journalistic material) (PACE 11 1 ).,

, ( 2, 3 ). 58) 1 ( ), 2. 59) Michael Zander Q.C., The Police and Criminal Evidence Act 1984(5th Edition), Sweet & Maxwell(2005), 88.

60) Http://www.7safe.com/research-and-insight/acpo-guidelines(2016. 1.11. ) 61) 1997 6 G8 (Denver), (high-tech crime). IOCE. IOCE 1999 (International Hi-Tech Crime and Forensics Conference), Practice Guide (SWGDE) ( Practice Guide ). -. -,. -,. -,,. -. -,,

. 62) audit trail. 63),,, (2002), 74-79.

64),,, (2009) 65) Klaus Volk, "Grundkurs StPO", (6. auflage), C.H.Beck, (2008) 66) 94 [ ] (1). (2). 67) Lutz Meyer-Großner, Strafprozessordnung(51. auflage), C.H.Beck, 2009, 305, Karlsruher Kommentar, Strafprozessordnung(6. Auflage), Verlag. C.H.Beck, 2009, 360, Grundatzentscheidung BVerGE 113, 29)

68) Dr. Wolfgang Bär, "Handbuch zur EDV-Beweissicherung im Strafverfahren", (2007), 42.

69),, (2006) 118. 70) 2013. 7. 26. 2013 2511.

71) 1. plain view, 2. 3, 3., 4.. 72). 73),, 142, 163. 74) 74 (2) 1. 1. 2. 75),, 47-62.

76) ( ),! : THE BASICS,, (2012), 130.

77) 2,,, (2011) 78) Fully Homomorphic Encryption 79),,, (2015) 267-268.

80) DRM,., (DRM)- -, M&B, (2007), 16. 81) DRM,. ( ), https://ko.wikipedia.org/wiki/%eb%94%94% EC%A7%80%ED%84%B8_%EA%B6%8C%EB%A6%AC_%EA%B4%80%EB%A6 %AC. (2016.1.4. ) 82),, 31. 83),,

디지털증거 watermark insertion 메타데이터 디지털증거 Encryption 메타데이터 디지털증거 메타데이터 디지털증거 피압수자 메타데이터 디지털증거 Decryption 메타데이터 watermark extraction (Embedding), (Detecting)..,,,, Digital Contents (2002). 84) Bill Rosenblatt, Digital Rights Management; Business and Technology, M&TBOOKS, (2002) 102. 85),,, 10 3, (2007.3.), 365-372. ( ) ( ).

86) Wade Trappe Lawrence C.Washington, Introduction to Cryptography with Coding Theory, Person, (2005) 2nd, 244.

(DigitalEvidencePack.DigitalSignature) 88).,,,,,, ID,,,..... / 선택 0..* 0..1 0..1 0..1 0..1 0..1 0..1 ID 0..1 0..1 87),. (2014) 88),. (2014), 13.

( 서명의범위표시 ) 0..* 0..* - : 서명의대상이되는 XML 내부경로 - : 오프라인서명의스캔본첨부등에활용 89),. 13. 90) Abraham Silberschatz( ),, McGraw-Hill Korea (2010. 12) 420-430.

91),

,,, [ -5]..

92),, (2009) 309.

93) 33 ( ) ➀,, ( ).

94)

( ) 1 ( ) ( ),. 2 ( )1.. 1. 2. 3. 4. 3 ( ) 1, 1. 2, 1. 4 ( )1 2. 2,, 2 10. 5 ( )..

Ι

Abstract After the general evidence seized(seized articles) is determined mainly confiscation possibilities in the investigation phase has recognized the occupation of ownership country, the possession of the person who seized. It is helpful to charges and prosecution to maintain recognition of the occupied country, also found occasionally yeojoe(other crimes). Whereas digital evidence has been admitted to occupy the country and confiscated copies in accordance with the principle of exceptional sources confiscated. Since the possession of the person who seized digital evidence is recognized, it may occur after replication, utilization, and disposal problems such as unauthorized by the original. So it's a restricted access measures be seized in digital evidence collection phase to prevent encryption, DRM, and suggested ways to upload to third parties. However, if considering the characteristics of the entirety of the thing that seized and digital evidence, And evidence expected confiscation, when the an article seized only for evidence, some confiscation expected succeeds or the evidence if the thing that seized was divided into three different approaches. And, after collecting digital evidence in the archive stage, "refund" or "analysis" above the variables for the evidence seized from a person who seized cases that occur, such as the possibility of raising the modulation proposed a digital signature

as the source block technique. The above-described encryption method is not possible to remove the re-usability, it was determined that the DRM system is rather a problem to produce a digital proof counterparts. And, in order to take advantage of the digital signature is suspected it excluded the possibility was considered necessary certification. As a result, this paper looked to find a way to satisfy both parties restricted access confiscated and seized a chair in the digital evidence collection and storage phase, and eventually came to the conclusion that receive "a trusted other institutions" to implement them. Keyword : Digital Evidence, Forfeit, Seizin, Restricted Access Measure Student Number : 2014-24857

저작자표시 - 비영리 - 변경금지 2.0 대한민국 이용자는아래의조건을따르는경우에한하여자유롭게 이저작물을복제, 배포, 전송, 전시, 공연및방송할수있습니다. 다음과같은조건을따라야합니다 : 저작자표시. 귀하는원저작자를표시하여야합니다. 비영리. 귀하는이저작물을영리목적으로이용할수없습니다. 변경금지. 귀하는이저작물을개작, 변형또는가공할수없습니다. 귀하는, 이저작물의재이용이나배포의경우, 이저작물에적용된이용허락조건을명확하게나타내어야합니다. 저작권자로부터별도의허가를받으면이러한조건들은적용되지않습니다. 저작권법에따른이용자의권리는위의내용에의하여영향을받지않습니다. 이것은이용허락규약 (Legal Code) 을이해하기쉽게요약한것입니다. Disclaimer

Ι

1) 2) (Electronic evidence) (Digital evidence),.,.

형사소송법제106조 4) ( 압수 ) 1 법원은필요한때에는피고사건과관계가있다고인정할수있는것에한정하여증거물또는몰수할것으로사료하는물건을압수할수있다. 단, 법률에다른규정이있는때에는예외로한다. 2 법원은압수할물건을지정하여소유자, 소지자또는보관자에게제출을명할수있다. 3 법원은압수의목적물이컴퓨터용디스크, 그밖에이와비슷한정보저장매체 ( 이하이항에서 정보저장매체등 이라한다 ) 인경우에는기억된정보의범위를정하여출력하거나복제하여제출받아야한다. 다만, 범위를정하여출력또는복제하는방법이불가능하거나압수의목적을달성하기에현저히곤란하다고인정되는때에는정보저장매체등을압수할수있다. 4 법원은제3항에따라정보를제공받은경우 개인정보보호법 제 2조제3호에따른정보주체에게해당사실을지체없이알려야한다. 3). 4).

5),,. 6),,, (2008). 300. 7) E.Casey, Digital Evidence and Computer Crime, (2004), 12. 8) SWGDE(Scientific Working Group on Digital Evidence,,,,, )

9) IOCE(International Organization of Computer Evidence, ) 10),,, (2006) 11) 3 1 ( 805,2015.7.16.)

12),, (2014) 7. 13), 22. 14) 0 1.

15),,, (2010) 66-67. 16),, 151-152.( )

17) 3,,,,,,. 18) 2004. 3. 23. 2003 126. 19),,, (2015). 301.

20),, 300. 21),, 302.

22) 48 ( ) 1. 1. 2. 3. 2 2. 3,,. 23), -,, (2004)

24),,, (2014). 566 570. 25) 133 (, ) 1,,. 2. 134 ( ). 135 ( ) 3

,,. 136 (, ) 1. 2. 3,. 137 ( ), 81 2,,,,. 138 ( ) 139 ( ). 26) 218 2(, ) 1,,. 2 4

27),, 242-243. 28) 483 ( ).

29) 485 ( ) 1.

30) http://forensic-proof.com/archives/389,(2015.12.28. ).

31),, 43-45.,.

32) IDEASv2.0 ( ),, IDEAS, (2015)

33),,,, (2015.9.3.) 34), - -, 680 (2013.5.), 251.

35), (2015.9.3.)

[ 압수 수색영장별지양식 ] 압수대상및방법의제한 1. 문서에대한압수.,.., 1) ( ) (,, ).. 36) ( :2015.8.1.), 2015.7.28.

. 2. 컴퓨터용디스크등정보저장매체에저장된전자정보에대한압수 수색 검증가. 전자정보의수색 검증,. 나. 전자정보의압수 (1) :. (2) ( ) ( ) - (1), 2),. ( ) 1) ( ) 3),. 2) 1),, 10. ( ) ( ),( ),,. (3) ( ) (1),(2), 1, 2 ( ). ( )

,. ( ) (, ),. 1) 피압수자 - 피의자나변호인, 소유자, 소지자 / 참여인 - 형사소송법제 123 조에정한참여인 2) 1 피압수자등이협조하지않거나, 협조를기대할수없는경우, 2 혐의사실과관련될개연성이있는전자정보가삭제 폐기된정황이발견되는경우, 3 출력 복제에의한집행이피압수자등의영업활동이나사생활의평온을침해하는경우,4 그밖에위각호에준하는경우를말한다. 3) 1 집행현장에서의하드카피 이미징이물리적 기술적으로불가능하거나극히곤란한경우, 2 하드카피 이미징에의한집행이피압수자등의영업활동이나사생활의평온을현저히침해하는경우,3 그밖에위각호에준하는경우를말한다.

37),, Ⅳ-2.. 38),....,,. (2011), 85. 39),, 259-261. 40),. 168-170.

41),. 42),. 177. 43),. E.Casey,, 21.

44), digital evidence -, -,, (2002), 55-56. 45) 1, 2 3, OS, 4 5 USB. 46),, 55.

47),, 266-267.

48)...... 49) 2009 41 (e), ᅟ., 41 (g)

(USCA, FRCrP, Rule 41 2009 Amendments.) 50),.( ).. 51) "Federal Rules of Evidence".

52),,, (2010) 283. 53),, 43 (2014.6.), 148. 54),, 142.

55),, 47-62. 56),,, (2007) 57), 1 ( ) ( 身上記錄, personal records), 2 ( 水液 ), 3 (journalistic material) (PACE 11 1 ).,

, ( 2, 3 ). 58) 1 ( ), 2. 59) Michael Zander Q.C., The Police and Criminal Evidence Act 1984(5th Edition), Sweet & Maxwell(2005), 88.

60) Http://www.7safe.com/research-and-insight/acpo-guidelines(2016. 1.11. ) 61) 1997 6 G8 (Denver), (high-tech crime). IOCE. IOCE 1999 (International Hi-Tech Crime and Forensics Conference), Practice Guide (SWGDE) ( Practice Guide ). -. -,. -,. -,,. -. -,,

. 62) audit trail. 63),,, (2002), 74-79.

64),,, (2009) 65) Klaus Volk, "Grundkurs StPO", (6. auflage), C.H.Beck, (2008) 66) 94 [ ] (1). (2). 67) Lutz Meyer-Großner, Strafprozessordnung(51. auflage), C.H.Beck, 2009, 305, Karlsruher Kommentar, Strafprozessordnung(6. Auflage), Verlag. C.H.Beck, 2009, 360, Grundatzentscheidung BVerGE 113, 29)

68) Dr. Wolfgang Bär, "Handbuch zur EDV-Beweissicherung im Strafverfahren", (2007), 42.

69),, (2006) 118. 70) 2013. 7. 26. 2013 2511.

71) 1. plain view, 2. 3, 3., 4.. 72). 73),, 142, 163. 74) 74 (2) 1. 1. 2. 75),, 47-62.

76) ( ),! : THE BASICS,, (2012), 130.

77) 2,,, (2011) 78) Fully Homomorphic Encryption 79),,, (2015) 267-268.

80) DRM,., (DRM)- -, M&B, (2007), 16. 81) DRM,. ( ), https://ko.wikipedia.org/wiki/%eb%94%94% EC%A7%80%ED%84%B8_%EA%B6%8C%EB%A6%AC_%EA%B4%80%EB%A6 %AC. (2016.1.4. ) 82),, 31. 83),,

디지털증거 watermark insertion 메타데이터 디지털증거 Encryption 메타데이터 디지털증거 메타데이터 디지털증거 피압수자 메타데이터 디지털증거 Decryption 메타데이터 watermark extraction (Embedding), (Detecting)..,,,, Digital Contents (2002). 84) Bill Rosenblatt, Digital Rights Management; Business and Technology, M&TBOOKS, (2002) 102. 85),,, 10 3, (2007.3.), 365-372. ( ) ( ).

86) Wade Trappe Lawrence C.Washington, Introduction to Cryptography with Coding Theory, Person, (2005) 2nd, 244.

(DigitalEvidencePack.DigitalSignature) 88).,,,,,, ID,,,..... / 선택 0..* 0..1 0..1 0..1 0..1 0..1 0..1 ID 0..1 0..1 87),. (2014) 88),. (2014), 13.

( 서명의범위표시 ) 0..* 0..* - : 서명의대상이되는 XML 내부경로 - : 오프라인서명의스캔본첨부등에활용 89),. 13. 90) Abraham Silberschatz( ),, McGraw-Hill Korea (2010. 12) 420-430.

91),

,,, [ -5]..

92),, (2009) 309.

93) 33 ( ) ➀,, ( ).

94)

( ) 1 ( ) ( ),. 2 ( )1.. 1. 2. 3. 4. 3 ( ) 1, 1. 2, 1. 4 ( )1 2. 2,, 2 10. 5 ( )..

Ι

Abstract After the general evidence seized(seized articles) is determined mainly confiscation possibilities in the investigation phase has recognized the occupation of ownership country, the possession of the person who seized. It is helpful to charges and prosecution to maintain recognition of the occupied country, also found occasionally yeojoe(other crimes). Whereas digital evidence has been admitted to occupy the country and confiscated copies in accordance with the principle of exceptional sources confiscated. Since the possession of the person who seized digital evidence is recognized, it may occur after replication, utilization, and disposal problems such as unauthorized by the original. So it's a restricted access measures be seized in digital evidence collection phase to prevent encryption, DRM, and suggested ways to upload to third parties. However, if considering the characteristics of the entirety of the thing that seized and digital evidence, And evidence expected confiscation, when the an article seized only for evidence, some confiscation expected succeeds or the evidence if the thing that seized was divided into three different approaches. And, after collecting digital evidence in the archive stage, "refund" or "analysis" above the variables for the evidence seized from a person who seized cases that occur, such as the possibility of raising the modulation proposed a digital signature

as the source block technique. The above-described encryption method is not possible to remove the re-usability, it was determined that the DRM system is rather a problem to produce a digital proof counterparts. And, in order to take advantage of the digital signature is suspected it excluded the possibility was considered necessary certification. As a result, this paper looked to find a way to satisfy both parties restricted access confiscated and seized a chair in the digital evidence collection and storage phase, and eventually came to the conclusion that receive "a trusted other institutions" to implement them. Keyword : Digital Evidence, Forfeit, Seizin, Restricted Access Measure Student Number : 2014-24857