Review of Live Forensic Analysis Techniques

Rahman, Shuaibur; Khan, M. N. A.

doi:10.14257/ijhit.2015.8.2.35

Cited by 21 publications

(14 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The conclusion is that this phase could not respond adequately to the complexity of the current malware. The main goal of these tasks is the collection, analysis, and preservation of data from an IT machine as part of forensic processes, to make it admissible in a court of law [31,32].…”

Section: Related Workmentioning

confidence: 99%

Systematic Approach to Malware Analysis (SAMA)

et al. 2020

View full text Add to dashboard Cite

Featured Application: The systematic and methodological process of analysis described in this document will provide a complete understanding of the life cycle of a malware specimen in terms of its behavior, operation, interaction with the environment, methods of concealment and obfuscation, system updates, and communications.Abstract: Malware threats pose new challenges to analytic and reverse engineering tasks. It is needed for a systematic approach to that analysis, in an attempt to fully uncover their underlying attack vectors and techniques and find commonalities between them. In this paper, a method of malware analysis is described, together with a report of its application to the case of Flame and Red October. The method has also been used by different analysts to analyze other malware threats like 'Stuxnet', 'Dark Comet', 'Poison Ivy', 'Locky', 'Careto', and 'Sofacy Carberp'. The method presented in this work is a systematic and methodological process of analysis, whose main objective is the acquisition of knowledge as well as to gain a full understanding of a particular malware. Using the proposed method to analyze two well-known malware as 'Flame' and 'Red October' will help to understand the added value of the method.

show abstract

Section: Related Workmentioning

confidence: 99%

Systematic Approach to Malware Analysis (SAMA)

et al. 2020

View full text Add to dashboard Cite

show abstract

“…They concluded that the use of the Windows IM can leave behind incriminating evidential material useful or critical to an investigation on the hard drive, memory and network captures. Other studies of both static media and memory forensics on Skype is reported in [16,17,18]. The general suggestion is that using data from memory dump, virtual machine created from static data can be adjusted to provide better picture of the live system at the time when the dump is made.…”

Section: Literature Reviewmentioning

confidence: 99%

An Empirical Study of Skype Data Retrieval from Physical Memory

Ghafarian¹,

Mady²,

Wood³

2019

IJCA

View full text Add to dashboard Cite

Instant messaging technology is increasingly becoming popular among individuals, businesses, as well as criminals. Technologies such as Skype is widely used due to its secure and cheap services. Traditional static media computer forensics approach is not effective in retrieving traces of instant messaging activity. This research presents the findings from physical memory forensics examination of Skype communication. We examined both client-based Skype as well as web-based Skype to determine whether the forensics data remnants in memory would be different for each case. For each case, we evaluated the forensics artifacts at both the operating system level and the application level. At the operating system level, we examined active processes, terminated processes, hidden processes and open files related to Skype activity. At the application level, we evaluated Skype activity artifacts such as logins credentials, audio and video conversations, transferred files, emails, and geographical location of the caller. In addition, we found some differences in the client-based and web-based Skype data remnants in memory. Overall, we confirm that physical memory forensics is the most effective technique for retrieving forensics artifacts of instant messaging technology.

show abstract

“…Lastly, they identify patterns and rules for VIPs customer from the transactional data using association rules and sequential patterns and then design CRM strategies for the online shopping mall. Reference [16][17][18][19][20][21][22][23][24][25] outlined various software engineering and machine learning techniques in different domains.…”

confidence: 99%