• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.525-533
• /
• 2015

MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

• Analytical Science and Technology
• /
• v.33 no.1
• /
• pp.23-32
• /
• 2020

Methamphetamine (MA) is the most common and available drug of abuse in Korea and its primary metabolite is amphetamine (AP). Detection of AP derivatives, such as MA, AP, phentermine (PT), MDA, MDMA, and MDEA by the use of immunoassay screening is not reliable and accurate due to cross-reactivity and insufficient specificity/sensitivity. Therefore, the analytical process accepted by most urine drug-testing programs employs the two-step method with an initial screening test followed by a more specific confirmatory test if the specimen screens positive. In this study, a gas chromatography-mass spectrometric (GC-MS) method was developed and validated for confirmation of MA and AP in human urine. Urine sample (500 µL) was added with N-isopropylbenzylamine as internal standard and ethyl chloroformate as a derivatization reagent, and then extracted with 200 µL of ethyl acetate. Extracted samples were analysed with GC-MS in the SIM/ Scan mode, which were screened by Cobas c311 analyzer (Roche/Hitachi) to evaluate the efficiency as well as the compatibility of the GC-MS method. Qualitative method validation requirements for selectivity, limit of detection (LOD), precision, accuracy, and specificity/sensitivity were examined. These parameters were estimated on the basis of the most intense and characteristic ions in mass spectra of target compounds. Precision and accuracy were less than 5.2 % (RSD) and ±14.0 % (bias), respectively. The LODs were 3 ng/mL for MA and 1.5 ng/mL for AP. At the screening immunoassay had a sensitivity of 100% and a specificity of 95.1 % versus GC-MS for confirmatory testing. The applicability of the method was tested by the analysis of spiked urine and abusers' urine samples.

• Analytical Science and Technology
• /
• v.32 no.5
• /
• pp.163-172
• /
• 2019

Methamphetamine (MA) is currently the most abused illicit drug in Korea and its major metabolite is amphetamine (AP). As MA exist as two enantiomers with the different pharmacological properties, it is necessary to determine their respective amounts in a sample. Thus a chiral stationary phase liquid chromatography-tandem mass spectrometric (LC-MS/MS) method was developed for identification and quantification of d-MA, l-MA, d-AP, and l-AP in human urine. Urine sample ($200{\mu}L$) was diluted with pure water and purified using solid-phase extraction (SPE) cartridge. A $5-{\mu}L$ aliquot of SPE treated sample solution was injected into LC-MS/MS system. Chiral separation was carried out on the Astec Chirobiotic V2 column with an isocratic elution for each enantiomer. Identification and quantification of enantiomeric MA and AP was performed using multiple reaction monitoring (MRM) detection mode. Linear regression with a $1/x^2$ as the weighting factor was applied to generate a calibration curve. The linear ranges were 25-1000 ng/mL for all compounds. The intra- and inter-day precisions were within 3.6 %, while the intra- and inter-day accuracies ranged from -5.4 % to 11.8 %. The limits of detection were 2.5 ng/mL (d-MA), 3.5 ng/mL (l-MA), 7.5 ng/mL (d-AP), and 7.5 ng/mL (l-AP). Method validation parameters such as selectivity, matrix effect, and stability were evaluated and met acceptance criteria. The applicability of the method was tested by the analysis of genuine forensic urine samples from drug abusers. d-MA is the most common compound found in urine and mainly used by abusers.

• Analytical Science and Technology
• /
• v.34 no.2
• /
• pp.68-77
• /
• 2021

Cannabis is one of the most abused drugs in Korea. The main psychoactive component in cannabis, Δ9-tetrahydrocannabinol, is metabolized to 11-nor-9-carboxy-Δ9-tetrahydrocannabinol (THCCOOH) and THCCOOH-glucuronide (THCCOOH-glu) in the human liver, whereby the amount of THCCOOH-glu found in urine is twice as high as that of THCCOOH. The analytical process adapted by the majority of urine drug-testing programs involves a two-step method consisting of an initial immunoassay-based screening test followed by a confirmatory test if the screening test result is positive. In this study, a qualitative gas chromatography-mass spectrometry (GC-MS) method was developed and validated for the detection of THCCOOH in human urine, where THCCOOH-glu was converted into THCCOOH by alkaline hydrolysis. For purification of the urine extract prior to instrumental analysis, high-speed centrifugation was used to minimize interference. In addition, an injection-port derivatization method using ethyl acetate and N,O-bis(trimethylsilyl)-trifluoroacetamide containing 1 % trimethylchlorosilane was employed to reduce the time required for derivatization, and an aliquot of the final solution was injected into the GC-MS. The method was validated by measuring the selectivity, limit of detection (LOD), and repeatability. The sensitivity, specificity, precision, accuracy, Kappa, F-measure, false positive, and false negative rate were determined by comparing the GC-MS results with those obtained using the immunoassay. The LOD was determined to be 0.32 ng/mL, while the repeatability was within 9.1 % for THCCOOH. Furthermore, a comparison study was carried out, whereby the screening immunoassay exhibited a sensitivity of 86.4 % and a specificity of 100 % compared to GC-MS. The applicability of the developed method was examined by analyzing spiked urine and forensic urine samples obtained from suspected cannabis abusers (n = 221).

• Tribology and Lubricants
• /
• v.28 no.6
• /
• pp.315-320
• /
• 2012

For proper functioning, general machines usually need lubricant oil as a cooling, cleaning, and sealing agent at points of mechanical contact. The quality of lubricant oil can deteriorate during operation owing to various causes such as high temperature, combustion products and extraneous impurities. In this study, a heavy load stopped during operation, and the oil was analyzed to check whether any impurities were added. Extraction using acetonitrile followed by reaction with BSTFA(bistrimethylsilyl trifluoroacetamide) showed that, trimethylsilylated ethylene glycol was present in the lubricant oil. To quantify the ethylene glycol in the oil, deuterium-substituted ethylene glycol, which acted as an internal standard, was added to the sample and then extracted with the solvent. Next, the extract was reacted with the derivatizing agent(BSTFA) and then analyzed with GC/MS. The detection limit of this method was found to be $0.5{\mu}g/g$ and the recovery of oil containing $20,000{\mu}g/g$ of ethylene glycol was measured to be 94.8%. A damaged O-ring and eroded cylinder liner were found during the overhaul, which implied the leakage of coolant containing ethylene glycol into the lubricating system. The erosion of the cylinder liner was assumed to be due to cavitation of the coolant in the cooling system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.71-82
• /
• 2024

With the advancement of information and communication technology (ICT), the use of electronic document types such as PDF, MS Office, and HWP files has increased. Such trend has led the cyber attackers increasingly try to spread malicious documents through e-mails and messengers. To counter such attacks, AI-based methodologies have been actively employed in order to detect malicious document files. The main challenge in detecting malicious HWP(Hangul Word Processor) files is the lack of quality dataset due to its usage is limited in Korea, compared to PDF and MS-Office files that are highly being utilized worldwide. To address this limitation, data augmentation have been proposed to diversify training data by transforming existing dataset, but as the usefulness of the augmented data is not evaluated, augmented data could end up harming model's performance. In this paper, we propose an effective semi-supervised learning technique in detecting malicious HWP document files, which improves overall AI model performance via quantifying the utility of augmented data and filtering out useless training data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.193-206
• /
• 2024

In tandem with the advancements in the digital era, the significance of digital data has escalated, necessitating an increased focus on digital forensics investigations. However, the process of collecting and analyzing digital evidence faces significant challenges, such as the unidentifiability of damaged files due to issues like media corruption and anti-forensic techniques. Moreover, the technological limitations of existing tools hinder the recovery of damaged files, posing difficulties in the evidence collection process. This paper aims to propose solutions for the recovery of corrupted MS Office files commonly used in digital data creation. To achieve this, we analyze the structure of MS Office files in the OOXML format and present a novel approach to overcome the limitations of current recovery tools. Through these efforts, we aim to contribute to enhancing the quality of evidence collection in the field of digital forensics by efficiently recovering and identifying damaged data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.2
• /
• pp.387-393
• /
• 2014

In recent years, the spread of computers is increasing, and efficient processing effort for unstructured Big Data is required. In this paper, we are proposed a system to extract the data typed in a word processor quickly by user creating and XML mapping file after converting XML data that has been entered in the office file(HWP, MS-office). In addition, we proposed a system is able to lookup the necessary data from a database by entered form in advance and convert word processor document to office files by the application program. The unstructured big data will be available to be used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.439-446
• /
• 2022

Document-type malicious codes are being actively distributed using attachments on websites or e-mails. Document-type malicious code is relatively easy to bypass security programs because the executable file is not executed directly. Therefore, document-type malicious code should be detected and prevented in advance. To detect document-type malicious code, we identified the document structure and selected keywords suspected of being malicious. We then created a dataset by converting the stream data in the document to ASCII code values. We specified the location of malicious keywords in the document stream data, and classified the stream as malicious by recognizing the adjacent information of the malicious keywords. As a result of detecting malicious codes by applying the CNN model, we derived accuracies of 0.97 and 0.92 in stream units and file units, respectively.

• Korean Journal of Environmental Agriculture
• /
• v.37 no.4
• /
• pp.291-301
• /
• 2018

BACKGROUND: Rice is one of the main sources for inorganic arsenic among the consumed crops in the world population's diet. Arsenic is classified into Group 1 as it is carcinogenic for humans, according to the IARC. This study was carried out to assess dietary exposure risk of inorganic arsenic in husked rice and polished rice to the Korean population health. METHODS AND RESULTS: Total arsenic was determined using microwave device and ICP-MS. Inorganic arsenic was determined by ICP-MS coupled with HPLC system. The HPLC-ICP-MS analysis was optimized based on the limit of detection, limit of quantitation, and recovery ratio to be $0.73-1.24{\mu}g/kg$, $2.41-4.09{\mu}g/kg$, and 96.5-98.9%, respectively. The inorganic arsenic concentrations of daily exposure (included in body weight) were $4.97{\times}10^{-3}$ (${\geq}20$ years old) $-1.36{\times}10^{-2}$ (${\leq}2$ years old) ${\mu}g/kg\;b.w./day$ (PTWI 0.23-0.63%) by the husked rice, and $1.39{\times}10^{-1}$ (${\geq}20$ years old) $-3.21{\times}10^{-1}$ (${\leq}2$ years old) ${\mu}g/kg\;b.w./day$ (PTWI 6.47-15.00%) by the polished rice. CONCLUSION: The levels of overall exposure to total and inorganic arsenic by the husked and polished rice were far lower than the recommended levels of The Joint FAO/WHO Expert Committee on Food Additives (JECFA), indicating of little possibility of risk.