University of Limerick Institutional Repository

Towards Automated malware behavioral analysis and profiling for digital forensic investigation purposes

dc.contributor.author Shosha, Ahmed F
dc.contributor.author James, Joshua I
dc.contributor.author Hannaway, Alan
dc.contributor.author Chen-Ching, Liu
dc.contributor.author Gladyshev, Pavel
dc.date.accessioned 2013-02-15T15:51:26Z
dc.date.available 2013-02-15T15:51:26Z
dc.date.issued 2012
dc.identifier.uri http://hdl.handle.net/10344/2897
dc.description peer-reviewed
dc.description.abstract Digital forensic investigators commonly use dynamic malware analysis methods to analyze a suspect executable found during a post-mortem analysis of the victim's computer. Unfortunately, currently proposed dynamic malware analysis methods and sandbox solutions have a number of limitations that may lead investigators to ambiguous conclusions. This research highlights the limitations of using current dynamic malware analysis methods in digital forensic investigations. It also proposes a method for profiling dynamic kernel memory that complements existing dynamic profiling techniques. The proposed method allows investigators to automate the identification of malicious kernel objects during a post-mortem analysis of memory acquired from the victim's machine. The method is implemented in a prototype malware analysis environment to automate the profiling of malicious kernel objects and to assist malware forensic investigation. Finally, a case study demonstrates the efficacy of the proposed approach.
dc.language.iso eng
dc.relation.ispartofseries 4th International Conference on Digital Forensics and Cyber Crime (ICDF2C) 2012
dc.subject dynamic malware analysis
dc.subject kernel object profiling
dc.subject malware investigation
dc.subject memory forensics
dc.subject post-mortem analysis
dc.title Towards Automated malware behavioral analysis and profiling for digital forensic investigation purposes
dc.type info:eu-repo/semantics/conferenceObject
dc.type.supercollection all_ul_research
dc.type.supercollection ul_published_reviewed
dc.rights.accessrights info:eu-repo/semantics/openAccess