Differential malware forensics
Authors: Provataki, A. and Katos, V.
Journal: Digital Investigation
Volume: 10
Issue: 4
Pages: 311-322
ISSN: 1742-2876
DOI: 10.1016/j.diin.2013.08.006
Abstract: In this paper we present a malware forensics framework for assessing and reporting on the modus operandi of a malware within a specific organizational context. The proposed framework addresses the limitations that existing dynamic malware analysis approaches exhibit. More specifically, we extended the functionality of the Cuckoo Sandbox malware analysis tool in order to automate the process of correlating and investigating the analysis results that multiple executions of a suspect binary on distinct and specific system configurations can produce. In contrast to standard malware analysis methods that assess the potential damage a malware may cause in general, this approach enables the analyst to identify contingent behavioral changes when the malware is executed and to answer questions relating to the malware's activities within a specific environment. By doing this, the analyst is in a position to report on the actual rather than theoretical actions a malware has performed, allowing the stakeholders to make informed recovery decisions. In this context, we identify the necessary forensic readiness prerequisites which are critical for the successful application and adoption of the proposed framework. © 2013 Elsevier Ltd. All rights reserved.
Source: Scopus
Preferred by: Vasilis Katos
Differential malware forensics
Authors: Provataki, A. and Katos, V.
Journal: Digital Investigation
Volume: 10
Issue: 4
Pages: 311-322
eISSN: 1873-202X
ISSN: 1742-2876
DOI: 10.1016/j.diin.2013.08.006
Source: Web of Science (Lite)