University of Limerick

Towards automated forensic event reconstruction of malicious code (Poster Abstract)

conference contribution
posted on 2013-02-15, 16:11 authored by Ahmed F Shosha, Joshua I James, Liu Chen-Ching, Pavel Gladyshev
A call for formalizing digital forensic investigations has been proposed by academics and practitioners alike [1, 2]. Many currently proposed methods of malware analysis for forensic investigation purposes, however, are derived from investigators' practical experience rather than from a formal model. This paper presents a formal approach for reconstructing the activities of a malicious executable found in a victim's system during a post-mortem analysis. The behavior of a suspect executable is modeled as a finite state automaton in which each state represents a behavior that results in an observable modification to the victim's system. The derived model of the malicious code allows for accurate reasoning about, and deduction of, the occurrence of malicious activities even when anti-forensic methods are employed to disrupt the investigation process.
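As an added illustration of the approach the abstract describes (this is constructed example code, not the poster's own implementation), the Python model below treats each behavior of a suspect executable as an automaton state that leaves a trace on the victim system, matches the evidence recovered post-mortem against the traces left by every possible run, and deduces which behaviors must have occurred even when an anti-forensic wipe state has removed some of their traces. The state names, traces and evidence sets are all assumptions chosen for the example.

```python
"""Toy finite state automaton of a suspect executable (constructed example).
Each state is a behaviour that leaves an observable trace; a 'wipe' state is an
anti-forensic behaviour that destroys traces left by earlier states."""

# Constructed model: state -> (trace it leaves, traces it destroys).
MODEL = {
    "start":   ("",             set()),
    "drop":    ("payload_file", set()),
    "persist": ("run_key",      set()),
    "beacon":  ("dns_log",      set()),
    "wipe":    ("",             {"payload_file", "dns_log"}),  # anti-forensic step
}
# Constructed transitions: state -> possible successors; None marks termination.
TRANSITIONS = {
    "start":   ["drop"],
    "drop":    ["persist", "beacon"],
    "persist": ["beacon", "wipe", None],
    "beacon":  ["wipe", None],
    "wipe":    [None],
}

def runs(state="start", path=()):
    """Enumerate every complete run of the automaton, depth-first."""
    path = path + (state,)
    for nxt in TRANSITIONS[state]:
        if nxt is None:
            yield path
        else:
            yield from runs(nxt, path)

def final_traces(path):
    """Traces still present after the run: a later wipe removes earlier traces."""
    present = set()
    for state in path:
        trace, destroys = MODEL[state]
        if trace:
            present.add(trace)
        present -= destroys
    return present

def consistent_runs(evidence, checked):
    """Runs whose surviving traces agree with the evidence on every checked artifact."""
    return [p for p in runs()
            if all((a in final_traces(p)) == (a in evidence) for a in checked)]

def necessarily_occurred(evidence, checked):
    """States present in every consistent run: provable even if their trace was wiped."""
    candidates = consistent_runs(evidence, checked)
    if not candidates:
        return set()
    return set.intersection(*(set(p) for p in candidates)) - {"start"}
```

Calling `necessarily_occurred({"run_key"}, {"payload_file", "run_key", "dns_log"})` shows the point of the model: only the persistence key survives, yet every run consistent with that evidence contains the payload drop and the wipe, so both are deduced despite the missing file.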

History

Publication

15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012), Lecture Notes in Computer Science, vol. 7462, pp. 388-389

Publisher

Springer

Note

peer-reviewed

Other Funding information

SFI

Rights

The original publication is available at www.springerlink.com

Language

English
