• Title/Summary/Keyword: Windows Artifacts


A Visualization Jump Lists tool for Digital Forensics of Windows

  • Weng, Shiuh-Ku; Tu, Jung-Yi
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.1 / pp.221-239 / 2020
  • In this paper, a visualization digital forensics tool, called JumpList Analyzer, is implemented. The tool can analyze the complicated Jump Lists files, and the results are then presented by visualization. Compared with the other Jump Lists tools, the proposed tool is the only one that can display the analyzed results by visualization. The visualization helps investigators find evidence more easily than the other tools, which show the analyzed results as text only. In the experiment, the proposed JumpList Analyzer demonstrates its convenience at identifying artifacts for digital forensics in a financial fraud case. In addition, the proposed tool can also be used to reveal the computer user's behavior or background.

Build a Digital Evidence Map considered Log-Chain (로그 체인을 고려한 디지털증거지도 작성)

  • Park, Hojin; Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.523-533 / 2014
  • Too much time is spent figuring out the incident route when we are facing a computer security incident. The incident often recurs, and moreover the damage expands, because critical clues are lost while time is wasted in hesitation. This paper suggests building a Digital Evidence Map (DEM) in order to find out the incident cause speedily and accurately. The DEM consists of the log chain, which is a mesh relationship between machine data. The DEM should be managed constantly because the log chain is vulnerable to various external factors. Becoming acquainted with it before an incident could help handle the incident quickly and cost-effectively. Thus we can prevent recurrence of an incident by removing its root cause. Since the DEM adopts artifacts in data as well as logs, we can make an effective response to APT attacks and anti-forensics.

On Artifact Analysis for User Behaviors in Collaboration Tools - Using differential forensics for distinct operating environments (협업 툴의 사용자 행위별 아티팩트 분석 연구 - 운영환경에 따른 differential forensic 개념을 이용하여)

  • Kim, Young-hoon; Kwon, Tae-kyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.353-363 / 2021
  • As the Untact era rapidly unfolds, collaboration tools are increasing in utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns such as information leakage and security incidents are also increasing in proportion to their convenience. Meanwhile, the digital forensics perspective on collaboration tools is insufficient, so forensics research is needed. This study analyzes significant artifacts in two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

A Study of Checking the Job History of External USB Media (외장형 USB 매체의 작업이력 점검 방법에 관한 연구)

  • Lee, Seongjae; Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.753-761 / 2017
  • Recently, malicious code infiltration and leakage of confidential documents using external USB media are frequently occurring in every field. To investigate incidents involving external USB media, the media themselves are examined, but there are many difficulties in that they can be lost or damaged. Ultimately, in order to investigate cases involving external USB media, it is necessary to conduct a direct analysis not only of the external USB media but also of the system to which the media were connected. This paper describes an analysis of the artifacts of Windows systems to which external USB media were connected, and how to check the job history on the media. Therefore, it is expected that the connected system can be used to analyze the job history of the USB medium even if the external USB medium itself is not secured.

A Study on Image Acquisition and Usage Trace Analysis of Stick-PC (Stick-PC의 이미지 수집 및 사용흔적 분석에 대한 연구)

  • Lee, Han Hyoung; Bang, Seung Gyu; Baek, Hyun Woo; Jeong, Doo Won; Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.6 no.7 / pp.307-314 / 2017
  • A Stick-PC is small and portable, so it can be used like a desktop if you connect it to a display device such as a monitor or TV anytime and anywhere. Accordingly, a Stick-PC can be related to various crimes, and various evidence may remain. Since a Stick-PC uses the same Windows operating system as a regular desktop, the artifacts to be analyzed are the same. However, unlike a desktop, because of its mobility, identifying the actual user and tracing usage by finding the traces of peripheral devices before analyzing the system can provide meaningful information for a forensic investigation. In this paper, we present a method of collecting images using a bootable OS, which is one of the image collection methods for a Stick-PC. In addition, we show how to analyze traces of peripheral connections and network connections, such as display and Bluetooth, through the registry and event log, and suggest the application method from the forensic point of view through an experimental scenario.

Defining the Tumour and Gross Tumor Volume using PET/CT : Simulation using Moving Phantom (양전자단층촬영장치에서 호흡의 영향에 따른 종양의 변화 분석)

  • Jin, Gye-Hwan
    • Journal of the Korean Society of Radiology / v.15 no.7 / pp.935-942 / 2021
  • Involuntary movement of internal organs by respiration is a factor that greatly affects the results of radiotherapy and diagnosis. In this study, a moving phantom was fabricated to simulate the movement of an organ or a tumor according to respiration, and 18F-FDG PET/CT scan images were acquired under various respiratory simulating conditions to analyze the movement range of the tumor by respiration, the level of artifacts according to the size of the tumor, and the maximum standardized uptake value (SUVmax). Based on Windows CE 6.0 as the operating system, using an electric actuator, an electric actuator positioning driver, and a programmable logic controller (PLC), the position and speed control module operated normally at a moving distance of 0-5 cm and 10, 15, and 20 reciprocations. For sphere diameters of 10, 13, 17, 22, 28, and 37 mm at a delay time of 100 minutes, 80.4%, 99.5%, 107.9%, 113.1%, 128.0%, and 124.8%, respectively, were measured. When the moving distance was the same, the difference according to the respiratory rate was insignificant. When the number of breaths was 20 and the moving distance was 1 cm, 2 cm, 3 cm, and 5 cm, as the moving distance increased at the sphere diameters of 10, 13, 17, 22, 28, and 37 mm, the ability to distinguish images of smaller spheres deteriorated. When the moving distance was 5 cm compared to the still image, the maximum values of the standardized uptake value were 18.0%, 23.7%, 29.3%, 38.4%, 49.0%, and 67.4% for sphere diameters of 10, 13, 17, 22, 28, and 37 mm, respectively.

A Design of Timestamp Manipulation Detection Method using Storage Performance in NTFS (NTFS에서 저장장치 성능을 활용한 타임스탬프 변조 탐지 기법 설계)

  • Jong-Hwa Song; Hyun-Seob Lee
    • Journal of Internet of Things and Convergence / v.9 no.6 / pp.23-28 / 2023
  • The Windows operating system generates various logs with timestamps. Timestamp tampering is an act of anti-forensics in which a suspect manipulates the timestamps of data related to a crime to conceal traces, making it difficult for analysts to reconstruct the situation of the incident. This can delay investigations or lead to the failure to obtain crucial digital evidence. Therefore, various techniques have been developed to detect timestamp tampering. However, detection is limited if a suspect is aware of timestamp patterns and manipulates timestamps skillfully, or alters the system artifacts used in timestamp tampering detection. In this paper, a method is designed to detect changes in timestamps based on the fact that, even if a suspect alters the timestamp of a file on a storage device, it is challenging to do so with precision beyond millisecond order. In the proposed detection method, the first step involves verifying the timestamp of a file suspected of tampering to determine its write time. Subsequently, the confirmed time is compared with the file size recorded within that time, taking into consideration the performance of the storage device. Finally, the total capacity of files written at a specific time is calculated, and this is compared with the maximum input and output performance of the storage device to detect any potential file tampering.

A Study on the 'Theater of the World' and the 'Roman Forum' in Analogical Aspect (유추적 관점에서 본 '포로 로마노'와 알도로시의 '세계극장'에 대한 고찰)

  • Park, Sang-Seo; Lee, Dae-Jun
    • Journal of architectural history / v.17 no.2 / pp.67-81 / 2008
  • Aldo Rossi explained the Roman Forum as a significant urban artifact, because the Roman Forum analogically showed not only an image of the Roman Empire but also a figure of primitive design for its region. Thus a comparison and analysis between the characteristics of Aldo Rossi's architectural works, which are based on the theory of the 'Analogical city', and the forums, the urban artifacts, was carried out in this study. Consequently, it was discovered that Aldo Rossi had used his analogical thinking from the forum for his architectural languages such as gable roofs, square windows with depth, columns and so on. His analogical use of organizing spaces, such as the courtyard type and the pillar corridor type, has also shown that their types came from forum spaces. His analogical aspects of the forum, a space where urban images are analogically formed, were expressed in the 'Theater of Science' with the urban architecture form as the actor and the Theatre as the stage for analogical urban performances. Nevertheless, the expression of primitive design which divides the Roman Forum from other forums was actualized in 'the Theater of the World'. He not only analogically used types from the Roman Forum in architectural design but also used the boat in the water space, which decided the lifestyle and culture of Venice even before its civilization, to express the primitive design of Venice. Consequently, Aldo Rossi, by aiming at severance from tradition, provided the possibility of explaining the newest modern type within its historical meaning, by forming a type which finds its continuance in history through 'the Theater of the World' and through analogical thinking along with the level of modern culture, for our urban architectural atmosphere that has lost its historical meanings.

Comparison of Image Uniformity with Photon Counting and Conventional Scintillation Single-Photon Emission Computed Tomography System: A Monte Carlo Simulation Study

  • Kim, Ho Chul; Kim, Hee-Joung; Kim, Kyuseok; Lee, Min-Hee; Lee, Youngjin
    • Nuclear Engineering and Technology / v.49 no.4 / pp.776-780 / 2017
  • To avoid imaging artifacts and interpretation mistakes, improving the uniformity of gamma camera systems is a very important point. We can expect excellent uniformity using a cadmium zinc telluride (CZT) photon counting detector (PCD) because of the direct conversion of the gamma ray energy into electrons. In addition, uniformity performance measures such as integral uniformity (IU), differential uniformity (DU), scatter fraction (SF), and contrast-to-noise ratio (CNR) vary according to the energy window setting. In this study, we compared a PCD and a conventional scintillation detector with respect to the energy windows (5%, 10%, 15%, and 20%) using a 99mTc gamma source with the Geant4 Application for Tomography Emission simulation tool. The gamma camera systems used in this work are a CZT PCD and a NaI(Tl) conventional scintillation detector with a 1-mm thickness. According to the results, although the IU and DU results improved with the energy window, the SF and CNR results deteriorated with the energy window. In particular, the uniformity for the PCD was higher than that of the conventional scintillation detector in all cases. In conclusion, our results demonstrated that the uniformity of the CZT PCD was higher than that of the conventional scintillation detector.

Disease Testing in Pelvic Pain Patients: Comparison between Ultrasound and Computed Tomography Imaging (골반통 환자의 질환 검사: 초음파와 컴퓨터단층촬영 간의 비교)

  • EunHoe Goo
    • Journal of Radiation Industry / v.17 no.4 / pp.385-390 / 2023
  • The uterus, one of women's reproductive organs, is also closely related to women's health. Among them, hemorrhagic luteal cysts, one of the causes of pelvic pain that women often experience, were observed through CT and ultrasound, and the quality of the images was evaluated through quantitative and qualitative evaluations. This study sought to find out which of the two test methods, CT or ultrasound, is more helpful to patients. This study was conducted on 15 adolescent women and 15 adult women (21.31±3.45 average age). The equipment used for imaging was an Ecube Platinum with an EC3-10X endocavity probe (3~10 MHz) and a Philips Mx8000 iCT 256. After setting a constant ROI on the cyst and the interface as the quantitative analysis method, SNR and CNR values were measured, and image quality, lesion clarity, image distortion, clarity of the interface, and motion artifacts were scored on a 5-point scale (p<0.05). Independent t-tests and the Mann-Whitney U test were performed using SPSS (Version 22.0 for Windows software package, Chicago, IL, USA), and results were considered statistically significant when p was less than 0.05. Comparing the SNR and CNR values in this experiment, the SNR value was higher in the case of CT images (p<0.05). As a result of the qualitative evaluation, the quality of the image, the clarity of the lesion, the distortion of the image, the clarity of the interface, and the clarity of the boundary were measured on a 5-point scale together with the motion artifact. Comparing each score, CT images scored higher by a fine margin than ultrasound images (p<0.05). In conclusion, both test methods showed excellent results in finding the patient's lesions. However, in quantitative and qualitative evaluations, CT produced higher results in detecting lesions than ultrasound. However, for cyst tests that require continuous observation, ultrasonography, a non-invasive method that is advantageous for patients, will be clinically useful. Therefore, observing the patient's lesions by appropriately distributing these two test methods will provide optimal diagnostic information. These results will be useful for providing clinical basic data and educational materials to CT and US users in the future.