Digital Forensic Reconstruction of a Program Action

Forensic analysis of a suspect program is a daily challenge encountered by forensic analysts and law enforcement. It requires determining the behavior of a suspect program found in a computer system subject to investigation and attempting to reconstruct the actions that have been invoked in that system. In this research paper, a forensic analysis approach for suspect programs in executable binary form is introduced. The proposed approach aims to reconstruct high-level forensic actions and approximate action arguments from low-level machine instructions; the reconstructed actions then assist in forensic inference of the evidence and traces caused by an action invocation in the system under investigation.
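As an added illustration of the lifting the abstract describes (example code written for this page, not the paper's own implementation): a tiny interpreter walks a constructed x86-style listing, tracks pushed arguments and the value returned in eax, and emits high-level actions with approximated arguments. The string table, the API-to-action map and the listing are all constructed assumptions.

```python
"""Lift a constructed x86-style listing to high-level forensic actions.
Added illustration, not the paper's implementation: assumes stdcall (arguments
pushed right to left), a constructed string table standing in for the data
section, and a hypothetical API-to-action map."""
# Constructed data section: address -> string literal in the binary.
DATA = {0x403000: "C:\\Users\\Public\\dropped.exe",
        0x403040: "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        0x403080: "Updater"}
# Hypothetical map: imported API -> (action name, {argument index: label}).
ACTIONS = {"CreateFileW": ("create_file", {0: "path"}),
           "WriteFile": ("write_file", {0: "target", 2: "bytes"}),
           "RegSetValueExW": ("set_registry_value", {0: "key", 1: "name"})}
# Constructed listing: pushes set up arguments; the handle CreateFileW returns
# in eax is copied into ebx and later passed to WriteFile.
LISTING = """push 0
push 0x403000
call CreateFileW
mov ebx, eax
push 64
push 0x401234
push ebx
call WriteFile
push 0x403080
push 0x403040
call RegSetValueExW"""

def value(op, regs):
    """A register resolves to its tracked value, anything else to an integer."""
    return regs.get(op, f"unknown({op})") if op.isidentifier() else int(op, 0)

def lift(arg):
    """Approximate an argument: a data-section address becomes its string."""
    return DATA.get(arg, arg) if isinstance(arg, int) else arg

def reconstruct(listing):
    """Walk the listing once, emitting one action per call with lifted arguments."""
    stack, regs, actions = [], {}, []
    for line in listing.splitlines():
        mnem, _, rest = line.strip().partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest else []
        if mnem == "push":
            stack.append(value(ops[0], regs))
        elif mnem == "mov":
            regs[ops[0]] = value(ops[1], regs)
        elif mnem == "call":
            name, labels = ACTIONS.get(ops[0], (f"call_{ops[0]}", {}))
            args = stack[::-1]  # stdcall: the last push is the first argument
            stack.clear()       # the callee pops its own arguments
            act = {"action": name, "seq": len(actions) + 1}
            act.update({lab: lift(args[i]) for i, lab in labels.items() if i < len(args)})
            actions.append(act)
            regs["eax"] = f"{name}#{act['seq']}"  # return value tracked symbolically
    return actions
```

Linking the handle returned by CreateFileW to the later WriteFile is what turns a list of API names into an action sequence an examiner can match against file-system and registry traces.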
