Suspect Program

The Experts below are selected from a list of 24 Experts worldwide ranked by ideXlab platform

Aquilina James - One of the best experts on this subject based on the ideXlab platform.

  • Malware Forensics Field Guide for Linux Systems
    2013
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James
    Abstract:

    Malware Forensics Field Guide for Linux Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of the Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that aid in recovering data from digital media that will be used in criminal prosecution. The book covers data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific to Linux-based systems, for which new malware is developed every day. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response (volatile data collection and examination on a live Linux system); analysis of physical and process memory dumps for malware artifacts; post-mortem forensics (discovering and extracting malware and associated artifacts from Linux systems); legal considerations; file identification and profiling (initial analysis of a suspect file on a Linux system); and analysis of a suspect program.

  • Malware Forensics Field Guide for Windows Systems
    2012
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James
    Abstract:

    Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of the Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that aid in recovering data from digital media that will be used in criminal prosecution. The book covers data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific to Windows-based systems, the most widely deployed OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response (volatile data collection and examination on a live Windows system); analysis of physical and process memory dumps for malware artifacts; post-mortem forensics (discovering and extracting malware and associated artifacts from Windows systems); legal considerations; file identification and profiling (initial analysis of a suspect file on a Windows system); and analysis of a suspect program.

James M. Aquilina - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of a Malware Specimen
    Malware Forensics Field Guide for Windows Systems, 2012
    Co-Authors: Cameron H. Malin, Eoghan Casey, James M. Aquilina
    Abstract:

    Through the file profiling methods, tools, and techniques discussed in Chapter 5, forensic investigators can gain important insight into the dependencies, strings, antivirus signatures, and metadata associated with a suspect file, and use this knowledge to learn more about the file. Building on that information, this chapter further explores the nature, purpose, and functionality of a suspect program by conducting dynamic and static analysis of the binary. The chapter demonstrates the importance of using both dynamic and static analysis to gain a better understanding of a malicious code specimen. It explains what an investigator should consider while analyzing a suspect program: the nature and purpose of the program, how it accomplishes its purpose, how it interacts with the host system and network, how the attacker interacts with the program, and more. The chapter also covers how phylogenetic relationships between specimens can provide insight into their origin, composition, and development.

  • Analysis of a Suspect Program: Windows
    Malware Forensics, 2008
    Co-Authors: James M. Aquilina
    Abstract:

    This chapter endeavors to establish general guidelines for the tools and techniques that can be used to examine malicious executable binaries in a Windows environment. There are a variety of malware laboratory configuration options. In many instances, the specimen dictates the parameters of the lab environment, particularly if the code requires numerous servers to fully function or, more nefariously, employs anti-virtualization code to stymie the digital investigator's efforts to observe it in VMware or another virtualized host system. Virtualization is helpful during the behavioral analysis of a malicious code specimen, as the analysis requires frequent stops and starts of the malicious program to observe the nuances of its behavior, and snapshots let the analyst revert to a clean state between runs.

  • Analysis of a Suspect Program: Linux
    Malware Forensics, 2008
    Co-Authors: James M. Aquilina
    Abstract:

    This chapter provides general guidelines for the tools and techniques that can be used to examine a malicious executable binary in the Linux environment. With the seemingly endless number of malicious code specimens being generated by attackers, often with varying functions and purposes, flexibility and adjustment of the methodology to meet the needs of each individual case are required. A valuable way to learn how a malicious code specimen interacts with a victim system, and in turn to determine the risk that the malware poses to the system, is to monitor certain aspects of the system during the runtime of the specimen. In particular, tools that monitor the host system and network activity are deployed prior to the execution of the subject specimen and left running during the course of the specimen's runtime; in this way, the tools capture the activity of the specimen from the moment it is executed. On a Linux system, there are five main aspects of the infected system to monitor: the file system, system calls, running processes, the /proc directory, and network activity (including IDS alerts).
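A worked example of the runtime monitoring the chapter describes, added here and not taken from the book: it reads network state straight from /proc/net/tcp (decoding the kernel's little-endian hex addresses), ties new sockets back to the process that owns them through socket inodes, and diffs a before-execution snapshot against a runtime snapshot, then walks the process tree the specimen spawned. The snapshots, process names, pids, addresses and the "fd_inodes" field are constructed stand-ins for what you would collect from /proc on the analysis host.

```python
import socket
import struct
from typing import Dict, List, Set, Tuple

# Socket states as they appear in the "st" column of /proc/net/tcp (kernel tcp_states.h).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def hex_addr(field: str) -> Tuple[str, int]:
    """'0100007F:1F90' -> ('127.0.0.1', 8080). The kernel prints the IPv4 address as a
    hex word in host (little-endian) byte order, so the octets read reversed."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[dict]:
    """Parse /proc/net/tcp by hand rather than via netstat/ss: userland tools can be
    hooked on a compromised host, /proc comes straight from the kernel."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        parts = line.split()
        if len(parts) < 10:
            continue
        rows.append({
            "local": hex_addr(parts[1]),
            "remote": hex_addr(parts[2]),
            "state": TCP_STATES.get(parts[3], parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),             # matches socket:[inode] links in /proc/<pid>/fd
        })
    return rows


def descendants(procs: Dict[int, Tuple[str, int]], root: int) -> Set[int]:
    """All pids whose parent chain leads back to root (procs: pid -> (comm, ppid))."""
    found, frontier = set(), {root}
    while frontier:
        frontier = {pid for pid, (_, ppid) in procs.items() if ppid in frontier} - found
        found |= frontier
    return found


def diff_runtime(before: dict, after: dict) -> dict:
    """Compare a clean baseline snapshot with one taken while the specimen runs.
    Assumed snapshot shape: {"tcp": text of /proc/net/tcp,
                             "procs": {pid: (comm, ppid)},
                             "fd_inodes": {pid: {socket inodes found under /proc/<pid>/fd}}}"""
    seen = {(r["local"], r["remote"], r["state"]) for r in parse_proc_net_tcp(before["tcp"])}
    new_sockets = [r for r in parse_proc_net_tcp(after["tcp"])
                   if (r["local"], r["remote"], r["state"]) not in seen]
    inode_owner = {ino: pid for pid, inos in after["fd_inodes"].items() for ino in inos}
    for r in new_sockets:
        r["pid"] = inode_owner.get(r["inode"])  # None if the fd table was not captured
    new_procs = {pid: info for pid, info in after["procs"].items() if pid not in before["procs"]}
    return {"new_processes": new_procs, "new_sockets": new_sockets}


# ---- constructed snapshots (not real captures; pids, names and addresses are made up) ----
_TCP_HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode"
_SSHD_LISTEN = "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0"
_OUTBOUND = "   1: 0500000A:C000 076433C6:115C 01 00000000:00000000 00:00000000 00000000  1000        0 55555 1 0000000000000000 20 4 30 10 -1"

BEFORE = {
    "tcp": "\n".join([_TCP_HEADER, _SSHD_LISTEN]),
    "procs": {1: ("systemd", 0), 800: ("sshd", 1), 900: ("bash", 800)},
    "fd_inodes": {800: {12345}},
}
AFTER = {
    "tcp": "\n".join([_TCP_HEADER, _SSHD_LISTEN, _OUTBOUND]),
    "procs": {**BEFORE["procs"], 1234: ("specimen", 900), 1250: ("sh", 1234), 1251: ("nc", 1250)},
    "fd_inodes": {800: {12345}, 1251: {55555}},
}


def report(specimen_pid: int = 1234) -> dict:
    result = diff_runtime(BEFORE, AFTER)
    result["specimen_tree"] = descendants(AFTER["procs"], specimen_pid)
    return result


if __name__ == "__main__":
    r = report()
    for pid, (comm, ppid) in r["new_processes"].items():
        print(f"new process {pid} {comm} (parent {ppid})")
    for s in r["new_sockets"]:
        print(f"new socket {s['local']} -> {s['remote']} {s['state']} uid={s['uid']} pid={s['pid']}")
```

On a real host the snapshot would be built by reading /proc/net/tcp (and /proc/net/tcp6 for IPv6), /proc/<pid>/status for comm and PPid, and the socket:[inode] symlinks under /proc/<pid>/fd, with the first snapshot taken before the specimen is launched so it serves as the clean baseline. A kernel rootkit can still hide entries from /proc, so the diff should be checked against a packet capture taken outside the analysis VM.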

Malin Cameron - One of the best experts on this subject based on the ideXlab platform.

  • Malware Forensics Field Guide for Linux Systems
    2013
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James

  • Malware Forensics Field Guide for Windows Systems
    2012
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James

Casey Eoghan - One of the best experts on this subject based on the ideXlab platform.

  • Malware Forensics Field Guide for Linux Systems
    2013
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James

  • Malware Forensics Field Guide for Windows Systems
    2012
    Co-Authors: Malin Cameron, Casey Eoghan, Aquilina James

George Danezis - One of the best experts on this subject based on the ideXlab platform.

  • Detecting Malware with Information Complexity
    2015
    Co-Authors: George Danezis
    Abstract:

    This work focuses on a specific front of the malware detection arms race, namely the detection of persistent, disk-resident malware. We exploit normalised compression distance (NCD), an information-theoretic measure, applied directly to binaries. Given a zoo of labelled malware and benign-ware, we ask whether a suspect program is more similar to our malware or to our benign-ware. Our approach classifies malware with 97.1% accuracy and a false positive rate of 3%. We achieve our results with off-the-shelf compressors and a standard machine learning classifier, without any specialised knowledge. An end-user need only collect a zoo of malware and benign-ware and can then immediately apply our techniques. We apply statistical rigour to our experiments and our selection of data. We demonstrate that accuracy can be optimised by combining NCD with the compressibility rates of the executables. We demonstrate that malware reported within a narrow time frame of a few days is more homogeneous than malware reported over a longer one of two years, but that our method still classifies the latter with 95.2% accuracy and a 5% false positive rate. Due to the use of compression, the time and computation cost of our method is non-trivial. We show that simple approximation techniques can improve the time complexity of our approach by up to 63%. We compare our results to the results of applying the 59 anti-malware programs used on the VirusTotal web site to our malware. Our approach does better than any single one of them, and better than all 59 used collectively.
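The NCD classifier the abstract describes, as an added worked example (editor's code, not the paper's implementation): zlib at maximum effort is the off-the-shelf compressor, the decision is a 1-nearest-neighbour vote over a labelled zoo, and the compressibility ratio the paper combines with NCD is computed alongside. Real PE/ELF files are stood in for by constructed byte strings: two random "family" templates, one labelled malware and one benign, each with a few mutated variants in the zoo. The templates, mutation rate, seeds and the 0.9 "unknown" threshold are all assumptions.

```python
import bz2
import functools
import random
import zlib
from typing import Callable, Dict, List, Tuple

Compressor = Callable[[bytes], int]


@functools.lru_cache(maxsize=None)
def zlib_size(data: bytes) -> int:
    """C(x): compressed length under zlib at maximum effort. Cached, so C(zoo member) is
    paid once and only the C(suspect + member) term costs a compression per pair,
    the kind of cheap approximation the paper uses to cut run time."""
    return len(zlib.compress(data, 9))


@functools.lru_cache(maxsize=None)
def bz2_size(data: bytes) -> int:
    """Alternative off-the-shelf compressor; absolute NCD values shift, rankings mostly hold."""
    return len(bz2.compress(data, 9))


def ncd(x: bytes, y: bytes, size: Compressor = zlib_size) -> float:
    """Normalised compression distance:
        NCD(x, y) = (C(xy) - min(C(x), C(y))) / max(C(x), C(y))
    Near 0: y is almost fully explained by x. Near 1: unrelated. Real compressors are
    not ideal, so ncd(x, x) is small but not 0 and values slightly above 1 occur."""
    cx, cy = size(x), size(y)
    return (size(x + y) - min(cx, cy)) / max(cx, cy)


def compressibility(x: bytes, size: Compressor = zlib_size) -> float:
    """Compressed/raw ratio, the second feature the paper combines with NCD.
    Packed or encrypted sections push it toward 1.0."""
    return size(x) / len(x)


def classify(suspect: bytes, zoo: Dict[str, List[bytes]],
             size: Compressor = zlib_size, unknown_above: float = 0.9) -> Tuple[str, float]:
    """1-nearest-neighbour over NCD. If even the closest zoo member is far away, say so
    rather than guess: a zoo containing nothing like the suspect cannot label it."""
    best_label, best_d = "unknown", float("inf")
    for label, samples in zoo.items():
        for sample in samples:
            d = ncd(suspect, sample, size)
            if d < best_d:
                best_label, best_d = label, d
    if best_d > unknown_above:
        return "unknown", best_d
    return best_label, best_d


# ---- constructed data (stands in for real binaries; every value below is an assumption) ----

def _random_bytes(seed: int, n: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def _variant(base: bytes, seed: int, rate: float = 0.05) -> bytes:
    """Overwrite a fraction of bytes at random positions: a crude stand-in for a
    recompiled, patched or lightly obfuscated member of the same family."""
    rng = random.Random(seed)
    buf = bytearray(base)
    for i in rng.sample(range(len(buf)), int(len(buf) * rate)):
        buf[i] = rng.getrandbits(8)
    return bytes(buf)


MALWARE_BASE = _random_bytes(1, 3000)   # one "malware family" template
BENIGN_BASE = _random_bytes(2, 3000)    # one "benign software" template
ZOO = {
    "malware": [_variant(MALWARE_BASE, s) for s in (11, 12, 13)],
    "benign": [_variant(BENIGN_BASE, s) for s in (21, 22, 23)],
}


def demo() -> Dict[str, Tuple[str, float]]:
    """Three suspects: an unseen malware variant, an unseen benign variant, and a
    program related to nothing in the zoo."""
    return {
        "mal_variant": classify(_variant(MALWARE_BASE, 99), ZOO),
        "ben_variant": classify(_variant(BENIGN_BASE, 98), ZOO),
        "unrelated": classify(_random_bytes(7, 3000), ZOO),
    }


if __name__ == "__main__":
    for name, (label, dist) in demo().items():
        print(f"{name:12s} -> {label:8s} (nearest NCD {dist:.3f})")
```

The cost the abstract calls non-trivial is visible in `classify`: every query compresses the suspect concatenated with each zoo member, so the zoo size multiplies the per-query time, and the only term that caching removes is C(member). On real samples, packers are the main failure mode: two unrelated binaries packed with the same packer share the stub and little else, and a heavily packed file has a compressibility near 1.0 whatever its family, which is why that ratio is worth carrying as a separate feature.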