Digital forensic investigators commonly use dynamic malware analysis methods to analyze a suspect executable found during a post-mortem analysis of the victim’s computer. Unfortunately, currently proposed dynamic malware analysis methods and sandbox solutions have a number of limitations that may lead the investigators to ambiguous conclusions. In this research, the limitations of the use of current dynamic malware analysis methods in digital forensic investigations are highlighted. In addition, a method to profile dynamic kernel memory to complement currently proposed dynamic profiling techniques is, then, proposed. The proposed method will allow investigators to automate the identification of malicious kernel objects during a post-mortem analysis of the victim’s acquired memory. The method is implemented in a prototype malware analysis environment to automate the process of profiling malicious kernel objects and assist malware forensic investigation. Finally, a case study is given to demonstrate the efficacy of the proposed approach.
CITATION STYLE
Shosha, A. F., James, J. I., Hannaway, A., Liu, C. C., & Gladyshev, P. (2013). Towards automated malware behavioral analysis and profiling for digital forensic investigation purposes. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 114 LNICST, pp. 66–80). Springer Verlag. https://doi.org/10.1007/978-3-642-39891-9_5
Mendeley helps you to discover research relevant for your work.