Abstract: A cyber breach diagnostics system includes: an activity records collection device arranged to operably collect multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags, and to operably process the multiple suspicious activities records, the multiple time stamps, and the multiple attribute tags to generate a return data; and a suspicious event analysis device arranged to operably conduct a suspicious event sequence diagram generating operation to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to operably generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.

Abstract: A suspicious event analysis device includes: a display device; a communication circuit, arranged to operably receive multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags through internet; a storage circuit, arranged to operably store a suspicious event sequence diagram generating program; and a control circuit, arranged to operably execute the suspicious event sequence diagram generating program to conduct a suspicious event sequence diagram generating operation, so as to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.

Abstract: A suspicious event analysis device includes: a display device; a communication circuit, arranged to operably receive multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags through internet; a storage circuit, arranged to operably store a suspicious event sequence diagram generating program; and a control circuit, arranged to operably execute the suspicious event sequence diagram generating program to conduct a suspicious event sequence diagram generating operation, so as to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.

Abstract: The present invention discloses a method for fabricating a porous spherical iron-based alloy powder, a powder thereof and a sintered body thereof. The method comprises steps: mixing an iron oxide powder and an alloying powder to form a mixed powder; spray-granulating the mixed powder to form a spherical spray-granulated powder; and placing the spherical spray-granulated powder in a reducing environment and heating it to a temperature of lower than 700° C. to obtain a porous spherical iron-based alloy powder having high flowability, high compressibility, superior sinterability and low cost.

Abstract: The present invention discloses a method for fabricating a porous spherical iron-based alloy powder, a powder thereof and a sintered body thereof. The method comprises steps: mixing an iron oxide powder and an alloying powder to form a mixed powder; spray-granulating the mixed powder to form a spherical spray-granulated powder; and placing the spherical spray-granulated powder in a reducing environment and heating it to a temperature of lower than 700° C. to obtain a porous spherical iron-based alloy powder having high flowability, high compressibility, superior sinterability and low cost.

Abstract: A method for recognizing disguised malicious document, carried out by a computer system including a central processing unit (CPU), a memory, and a database storing rules for defining executable file and non-executable file, comprising steps of: receiving a static file through a network and an input/out interface; scanning the static file for a file header to determine if it is a non-executable file; analyzing file body of the non-executable file to locate components of an executable file and mark these positions; extracting components of the executable file from the non-executable file; concatenating the extracted components in accordance with a default rule or a heuristic rule to form a new file; and obtaining a new file that is executable, such that the received static file is a non-executable file having an embedded executable file, thus labeling the static file as a disguised malicious document.

Abstract: A method for recognizing malicious file has steps: receiving a static file through a network or an input/out interface to be stored in the memory; defining suspicious positions where components of a malware are possibly encrypted in the static file; decrypting the suspicious positions to identify a PE header and a shellcode; extracting the PE header and the shellcode terms in segments; and determining whether the PE header and the shellcode terms can be assembled into an executable binary which indicates a recognition of the malicious file.

Abstract: A method for extracting the genetic fingerprinting of a malicious document file includes the steps of establishing a database to store a plurality of genetic fingerprinting data of the first malicious document, then retrieving a document file sent via the Internet, and then proceeding with multi-point detection and extraction to the document file, so as to obtain a multi-point section, then comparing and analyzing the multi-point section with the plurality of genetic fingerprinting data of the first malicious document to confirm whether the multi-point section program code of the document file matches a malicious feature, thereby achieves the goal of extracting the content information of the document file and converts it into the genetic fingerprinting data of a new malicious document.

Abstract: A method for producing a sputtering target containing boron has steps of providing cobalt-chromium (Co·Cr) prealloy powder, mixing Co·Cr prealloy powder and raw material powder containing boron and oxide to form a mixture, preforming the mixture to form a green compact, and sintering the green compact to obtain the sputtering target containing boron. Because Co·Cr prealloy powder is provided, then is mixed with boron, oxide or the like, size and distribution of boride particles can be efficiently controlled. Therefore, Co, Cr, B or the like are uniformly distributed in the sputtering target.