Publication

Towards automated forensic event reconstruction of malicious code (Poster Abstract)

Date
2012
Abstract
A call for formalizing digital forensic investigations has been made by academics and practitioners alike [1, 2]. Many currently proposed methods of malware analysis for forensic investigation purposes, however, are derived from the investigators' practical experience rather than from a formal model. This paper presents a formal approach for reconstructing the activities of a malicious executable found on a victim's system during post-mortem analysis. The behavior of a suspect executable is modeled as a finite state automaton in which each state represents behavior that results in an observable modification to the victim's system. The derived model of the malicious code allows accurate reasoning about, and deduction of, the occurrence of malicious activities even when anti-forensic methods are employed to disrupt the investigation.
Description
peer-reviewed
Publisher
Springer
Citation
15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012), Lecture Notes in Computer Science, vol. 7462, pp. 388-389
Funding Information
Science Foundation Ireland (SFI)
Type
Meetings and Proceedings
Rights
https://creativecommons.org/licenses/by-nc-sa/1.0/