University of Limerick

Towards Automated malware behavioral analysis and profiling for digital forensic investigation purposes

Conference contribution, posted on 2013-02-15, 15:51.

Authors: Ahmed F. Shosha, Joshua I. James, Alan Hannaway, Liu Chen-Ching, Pavel Gladyshev
Digital forensic investigators commonly use dynamic malware analysis methods to analyze a suspect executable found during post-mortem analysis of a victim's computer. Unfortunately, the dynamic malware analysis methods and sandbox solutions proposed to date have a number of limitations that may lead investigators to ambiguous conclusions. This research highlights the limitations of current dynamic malware analysis methods when they are used in digital forensic investigations. In addition, it proposes a method for profiling dynamic kernel memory that complements existing dynamic profiling techniques. The proposed method allows investigators to automate the identification of malicious kernel objects during post-mortem analysis of memory acquired from the victim's machine. The method is implemented in a prototype malware analysis environment that automates the profiling of malicious kernel objects and assists malware forensic investigation. Finally, a case study demonstrates the efficacy of the proposed approach.

History

Publication

4th International Conference on Digital Forensics and Cyber Crime (ICDF2C 2012)

Note

peer-reviewed

Language

English
