2012 | OriginalPaper | Buchkapitel
Towards Automated Forensic Event Reconstruction of Malicious Code (Poster Abstract)
verfasst von : Ahmed F. Shosha, Joshua I. James, Chen-Ching Liu, Pavel Gladyshev
Erschienen in: Research in Attacks, Intrusions, and Defenses
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
A call for formalizing digital forensic investigations has been proposed by academics and practitioners alike [1, 2]. Many currently proposed methods of malware analysis for forensic investigation purposes, however, are derived based on the investigators’ practical experience. This paper presents a formal approach for reconstructing the activities of a malicious executable found in a victim’s system during a post-mortem analysis. The behavior of a suspect executable is modeled as a finite state automaton where each state represents behavior that results in an observable modification to the victim’s system. The derived model of the malicious code allows for accurate reasoning and deduction of the occurrence of malicious activities even when anti-forensic methods are employed to disrupt the investigation process.