Publications
Detailed Information
디지털 증거의 특성을 고려한 압수수색방안 제안 : A Study on the Effective Investigation and Management of Digital Evidence
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 이병영 | - |
| dc.contributor.author | 이지연 | - |
| dc.date.accessioned | 2021-11-30T04:36:48Z | - |
| dc.date.available | 2021-11-30T04:36:48Z | - |
| dc.date.issued | 2021-02 | - |
| dc.identifier.other | 000000164579 | - |
| dc.identifier.uri | https://hdl.handle.net/10371/175837 | - |
| dc.identifier.uri | https://dcollection.snu.ac.kr/common/orgView/000000164579 | ko_KR |
| dc.description | 학위논문 (석사) -- 서울대학교 대학원 : 융합과학기술대학원 수리정보과학과, 2021. 2. 이병영. | - |
| dc.description.abstract | 국문초록
압수수색영장 실무 및 법원의 증거능력과 관련된 현재 판례는 디 지털 증거의 특성을 고려하지 않은 채 선별 압수수색의 원칙을 엄 격하게 적용하고 있다. 예외적으로 저장매체 자체의 압수 또는 저장매체 전체의 이미징을 통해 수사기관으로 반출된 증거의 경우에도 이를 선별 또는 분석하는 과정에 피압수자 등의 참여권 보장을 엄격하게 요구하고 있어 디지털 증거가 증거로 사용되는 요건을 매우 제한적으로 좁혀 놓았다. 이에 따라 초기에 확보해야 할 디지털 증거는 흔적도 없이 사라지게 되고, 실체적 진실 발견을 위해 수사기관은 더욱 많은 시간과 비용을 들여야 하며, 상당한 시간이 소요되는 선별·분석과정에서의 참여권 보장은 그 제도의 정당성에도 불구하고 현실적으로는 피압수자 및 수사기관 모두에게 부담을 안겨주었고, 수사기밀의 유출 위험, 참여 권 남용 등 많은 실무적 문제점들을 야기하였다. 이는 결과적으로 형사사법의 근간을 흔들고, 억울한 피해자를 양산하며, 사법제도에 대한 불신으로 이어질 수 있다. 이러한 실무 상의 문제점을 해결하기 위해 본고에서는 디지털 증거의 특성을 고려한 압수수색방안을 제안해 보고자 한다. 우선 1단계로 현행 영장 실무에 따라 사용자가 작성한 문서, 메 시지 등의 경우에는 현재와 같이 키워드 검색 등을 통해 범죄와 관 련성이 인정되는 정보를 수집하고, 컴퓨터 생성 정보의 경우 디지 털 증거의 진정 성립 입증에 필요한 증거인 간접증거로 보아 관련성의 범위를 보다 넓게 인정하여 컴퓨터 생성 증거 전체를 현장에서 이미 징하여 함께 압수수색하는 방안이다. 다음으로 이와 같은 선별 압수수색과 더불어 저장매체 전체 이 미지에 대하여 물리 이미징을 한 뒤 공개키로 암호화하여 신뢰계산 기술을 활용한 블랙박스 안에 저장하는 2단계 압수수색방안을 제안 한다. 현장에서의 선별 압수수색만으로는 수사 및 재판 과정에서 추가 증거 확보가 필요함에도 이를 확보하기 어렵고, 은닉·삭제된 증거를 발견·복구하기 어려우며, 키워드 검색만으로는 관련성 있는 증거의 검출이 상당 부분 누락될 수 있으므로, 저장매체 전체의 물리 이미 지를 확보할 필요성이 존재한다. 신뢰계산 기술을 활용한 블랙박스 안에 암호화된 상태로 보관되 는 디지털 증거는 누구도 접근할 수 없고, 추가로 필요한 증거가 생 기는 경우 담당 수사관이 이를 추출할 수 있는 계산 프로그램 및 이와 같은 증거의 필요성 등을 소명하면 담당 검사가 이를 확인한 뒤 승인하고, 해당 증거만을 비밀키로 복호화 시켜 증거로 사용하는 방안이다. 이와 같은 일련의 절차를 독립적인 제3의 검증기관에서 사후적으로 검증한다면 그 신뢰성을 보완할 수 있을 것이다. 신뢰계산 기술 방법은 Intel사의 Software Guard Extention과 같이 실무에서 이미 사용되고 있는 기술로, 동형암호에 비해 적은 시간과 비용으로 바로 구현 및 적용할 수 있다는 장점이 있다. 이와 같은 2단계 압수수색방안에 따르면 수사 초기에 확보할 수 있는 디지털 증거를 모두 확보하되, 피압수자의 개인정보를 보호하 고, 사생활의 비밀 등 기본권 침해 가능성을 낮출 수 있으므로, 실 체적 진실의 발견과 적법절차의 원칙 모두를 조화롭게 구현할 수 있을 것으로 예상된다. | - |
| dc.description.abstract | Abstract
The precedents related to the practice of seizure and search warrants and the court's ability to prove evidence strictly apply the principle of selective seizure and search without considering the characteristics of digital evidence. As a result, digital evidence to be secured in the beginning disappears without a trace, and investigative agencies have to spend more time and money to discover the actual truth, causing many practical problems such as the risk of leakage of investigative secrets and abuse of the right to participate. To solve these practical problems, this study proposes a second-stage seizure and search plan that considers the characteristics of digital evidence. In the first step, the relevant evidence generated by the user and all the computer-generated evidence is collected in the field, confiscated in a logical imaging format, and uploaded to D-NET for analysis. In the second step, the entire storage medium is physically imaged and then encrypted and uploaded into a black box based on the hardware-assisted trusted computing. As above, the encrypted evidence is calculated and decrypted only in the black box, but it can be decrypted only with the approval of the prosecutor, and the calculation process is also encrypted. In addition, since the entire physical image that has not been screened is not decoded, but only relevant evidence is decoded, the fear of infringing the secrets of the confiscated people's privacy and personal information is expected to be low. Based on such hardware-assisted trusted computing technology, it is possible to secure necessary evidence before the disappearance of digital evidence, and display only evidence relevant to crime among them, harmoniously ensuring the illegality problem caused by the violation of the relevance standard and the possibility of loss of computer-generated evidence. | - |
| dc.description.tableofcontents | 목 차
제 1 장 서론 ································································· 1 제 1 절 연구배경 ··································································· 1 제 2 절 연구방법 ··································································· 2 제 2 장 디지털 증거의 증거능력 ···························· 3 제 1 절 디지털 증거의 의의 및 특성 ······························ 3 제 2 절 디지털 증거의 무결성과 동일성 확보 ············· 5 제 3 절 디지털 증거의 진정성립 ······································ 8 1. 전문법칙과 디지털 증거 ····················································· 8 2. 형사소송법 제313조 제2항 입법 경위 및 학설의 태도 9 3. 디지털 증거와 작성자 특정의 문제 ································· 11 4. 디지털 증거와 진정성립에 대한 판례의 태도 ··············· 12 제 3 장 컴퓨터 생성 증거 수집의 중요성 ··········· 17 제 1 절 개요 ············································································ 17 제 2 절 파일 시스템 ··························································· 18 제 3 절 메타 데이터 ··························································· 19 1. 메타 데이터의 정의 및 유형 ············································· 19 2. 파일 시스템 메타 데이터····················································· 20 제 4 절 윈도우 레지스트리 ················································ 22 제 5 절 이벤트로그 ····························································· 25 제 6 절 저널링 파일 시스템 ·············································· 26 제 7 절 볼륨 새도우 카피 ··················································· 27 제 8 절 슬랙 공간 ······························································· 27 제 9 절 프리패치 ··································································· 29 제 10 절 휴지통 ··································································· 30 제 11 절 바로가기 ······························································· 31 제 12 절 점프리스트 ····························································· 31 제 13 절 인터넷 접속 관련 기록 ······································ 32 1. 쿠키 ························································································· 32 2. 히스토리················································································· 33 3. 웹 캐쉬··················································································· 33 제 4 장 디지털 증거 압수수색 실무 및 문제점 · 33 제 1 절 선별 압수수색의 원칙 및 문제점 ····················· 33 1. 관련 규정 ··············································································· 33 2. 판례의 태도 ··········································································· 34 3. 선별 압수수색 실무····························································· 37 4. 해외 입법례 ··········································································· 41 5. 선별 압수수색과 관련된 문제점······································· 42 제 2 절 참여권 보장과 관련된 실무 및 문제점 ··········· 43 1. 관련 규정 ··············································································· 43 2. 압수수색 집행 종료 시기에 대한 논의 ··························· 44 3. 해외 입법례 ··········································································· 48 4. 참여권 보장과 관련된 문제점 ··········································· 48 제 5 장 저장매체 전체 물리 이미지 확보 필요성 50 제 1 절 물리 이미징과 논리 이미징 ································ 50 제 2 절 안티포렌식 행위 ····················································· 51 1. 개요 ························································································· 51 2. 데이터 삭제 ··········································································· 51 3. 데이터 은닉 ··········································································· 52 제 3 절 삭제된 디지털 증거 복구 ···································· 56 제 4 절 현장 키워드 검색의 한계 ···································· 58 제 5 절 추가 증거 확보 필요성 ······································ 60 제 6 절 소결 ·········································································· 61 제 6 장 새로운 방법의 제안 ···································· 62 제 1 절 기존 연구 방법 ······················································· 62 제 2 절 2단계 압수수색 방안 개요 ·································· 65 제 3 절 관련성 있는 디지털 증거의 범위 확장 ··········· 66 1. 관련성의 의미······································································· 66 2. 컴퓨터 생성 증거와 관련성 ··············································· 67 3. 소결 ························································································· 68 제 4 절 신뢰계산 기술 방법 ·············································· 69 1. 개인정보 보호 기술····························································· 69 2. 신뢰계산 기술······································································· 71 3. Intel SGX(Software Guard Extention) ·························· 72 제 5 절 신뢰계산 기술을 활용한 디지털 증거 압수수색 76 1. 기본 아이디어······································································· 76 2. 실무에의 적용 검토····························································· 77 3. 비밀키 생성 및 보관 주체에 대한 검토 ························· 79 4. 구체적인 절차······································································· 81 5. 예상되는 효과 ····································································· 83 제 7 장 결론 ································································85 참고문헌 ········································································88 | - |
| dc.format.extent | vii, 93 | - |
| dc.language.iso | kor | - |
| dc.publisher | 서울대학교 대학원 | - |
| dc.subject | 디지털 증거 | - |
| dc.subject | 선별 압수수색 | - |
| dc.subject | 신뢰계산 기술 | - |
| dc.subject | 관련성 | - |
| dc.subject | 컴퓨터 생성 증거 | - |
| dc.subject | 디지털 증거의 진정성립 | - |
| dc.subject | 참여권 | - |
| dc.subject | Digital Evidence | - |
| dc.subject | Selective acquisition of the information | - |
| dc.subject | Hardware-assisted Trusted Computing | - |
| dc.subject | Relevance | - |
| dc.subject | Computer generated evidence | - |
| dc.subject | The true establishment of digital evidence | - |
| dc.subject | The right to participate and observe | - |
| dc.subject.ddc | 510.285 | - |
| dc.title | 디지털 증거의 특성을 고려한 압수수색방안 제안 | - |
| dc.title.alternative | A Study on the Effective Investigation and Management of Digital Evidence | - |
| dc.type | Thesis | - |
| dc.type | Dissertation | - |
| dc.contributor.AlternativeAuthor | LEE JIYEON | - |
| dc.contributor.department | 융합과학기술대학원 수리정보과학과 | - |
| dc.description.degree | Master | - |
| dc.date.awarded | 2021-02 | - |
| dc.identifier.uci | I804:11032-000000164579 | - |
| dc.identifier.holdings | 000000000044▲000000000050▲000000164579▲ | - |
- Appears in Collections:
- Files in This Item:
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.