디지털 포렌식 사설 업체에 위탁된 데이터 보호 방안에 관한 연구 (디지털 포렌식 랩(시설)이 구비해야 할 요건 제시)

Digital evidence often plays an important role when demonstrating or accused of a crime. As it is used as an evidence in court, the demand for it has increased, which has led to an increase of private forensic companies. In this process, the client entrusts digital devices such as personal computers or mobile phones, and the sensitive and identification information of the individual will be handed over. The disclosure of personal information during the analysis process is inevitable, which increases the possibility of personal information infringement. Meanwhile, there is no obligation to supervise the management of such private companies, and only the personal information is left in the “ethical awareness” of the company analyst. There is no protection or regulation. Along with the revision of the Data 3 Act and the need to protect personal information, as proper regulation of digital forensics private companies is required, I suggest a system that can manage data to the stage of destruction based on the role of the Personal Information Protection Committee (Blockchain or Crowd-based consigned data history management system) in the short term and an alternative that takes legal and policy aspects into account. Also, from a long-term perspective, a combination of International Standard ISO 17025 and INTERPOL's International Digital Forensics Lab Standards Guidelines and the author's proposed system is presented. I wish that this will be a balanced alternative to protecting personal information for small research facilities or private companies.