Digital Forensic Analysis on Runtime Instruction Flow
Abstract
A computer system's runtime state is an essential part of digital evidence. Current digital forensic approaches focus mainly on memory and I/O data, while the instruction stream executed by processes is usually ignored. We present a novel approach to runtime instruction forensic analysis and have developed a forensic system that collects the instruction flow and extracts digital evidence from it. The system is built on whole-system emulation, and analysts can define an analysis strategy to improve analysis efficiency and reduce overhead. The approach and system are applicable to binary code analysis, information retrieval and malware forensics.
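To make the abstract's design concrete, the following is an added example in Python; it is not the paper's system or code. It models the two ideas the abstract names, an instruction flow captured by an emulator and an analyst-defined strategy applied to it: the strategy keeps only address ranges the analyst cares about (cutting volume and overhead) and declares which ranges are legitimate mapped code, and the analyzer then extracts two kinds of evidence from the surviving stream, the system calls issued (with the number recovered from the last write to eax/rax) and control transfers out of mapped code into non-code memory such as the stack, the usual footprint of injected code. The trace format, the `Strategy` fields and the sample trace are all constructed for this example.

```python
"""Toy instruction-flow forensic analyzer (added example, not the paper's code).

Trace format (constructed): one instruction per line,
"<hex address> <mnemonic> [operands]" in Intel syntax, as a whole-system
emulator's per-instruction log might look once narrowed to one process.
Lines starting with '#' are comments.
"""
from dataclasses import dataclass
import re

LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)(?:\s+(.*))?$")
ACCUMULATORS = ("eax", "rax")


@dataclass
class Insn:
    addr: int
    mnemonic: str
    operands: str

    def text(self):
        return f"{self.mnemonic} {self.operands}".strip()


@dataclass
class Strategy:
    """Analyst-defined strategy (hypothetical, not the paper's API).
    trace_ranges: address ranges to keep; everything else is dropped unanalyzed.
    code_ranges: ranges mapped as legitimate code; execution elsewhere is rogue."""
    trace_ranges: list
    code_ranges: list


def in_ranges(addr, ranges):
    return any(lo <= addr < hi for lo, hi in ranges)


def parse_trace(text):
    insns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable trace line: {line!r}")
        insns.append(Insn(int(m.group(1), 16), m.group(2).lower(), (m.group(3) or "").strip()))
    return insns


def track_accumulator(insn, current):
    """Value of eax/rax after `insn`, or None if unknown. Only immediate moves
    and the xor-self idiom are modelled; any other instruction naming eax/rax
    first is conservatively treated as clobbering it, as is syscall itself."""
    if insn.mnemonic == "syscall":
        return None
    ops = [o.strip().lower() for o in insn.operands.split(",")] if insn.operands else []
    if not ops or ops[0] not in ACCUMULATORS:
        return current
    if insn.mnemonic == "mov" and len(ops) == 2:
        try:
            return int(ops[1], 0)
        except ValueError:
            return None  # register or memory source: value not tracked
    if insn.mnemonic == "xor" and len(ops) == 2 and ops[0] == ops[1]:
        return 0
    return None


def analyze(insns, strategy):
    evidence = {"kept": 0, "dropped": 0, "syscalls": [], "rogue_transfers": []}
    acc = None   # last known eax/rax value
    prev = None  # previous kept instruction (dropped ones do not reset it)
    for insn in insns:
        if not in_ranges(insn.addr, strategy.trace_ranges):
            evidence["dropped"] += 1
            continue
        evidence["kept"] += 1
        in_code = in_ranges(insn.addr, strategy.code_ranges)
        if prev is not None and not in_code and in_ranges(prev.addr, strategy.code_ranges):
            evidence["rogue_transfers"].append({"from": prev.addr, "from_insn": prev.text(), "to": insn.addr})
        if insn.mnemonic == "syscall":
            evidence["syscalls"].append({"addr": insn.addr, "number": acc, "in_code": in_code})
        acc = track_accumulator(insn, acc)
        prev = insn
    return evidence


# Constructed sample: the program issues write(1, ...) from its own code, then
# jumps into a stack buffer whose contents issue execve (syscall 0x3b).
SAMPLE_TRACE = """\
0x401000 push rbp
0x401001 mov rbp, rsp
0x401004 mov eax, 0x1
0x401009 mov edi, 0x1
0x40100e syscall
# kernel-mode handler instruction (one shown) that the strategy drops
0xffffffff81000000 mov rax, cr3
0x401010 lea rax, [rsp-0x80]
0x401015 jmp rax
0x7ffd4c2a1234 xor esi, esi
0x7ffd4c2a1236 xor edx, edx
0x7ffd4c2a1238 mov eax, 0x3b
0x7ffd4c2a123d syscall
"""

SAMPLE_STRATEGY = Strategy(
    trace_ranges=[(0x400000, 0x8000_0000_0000)],  # user space of the target process
    code_ranges=[(0x401000, 0x402000)],           # the binary's .text (hypothetical)
)


def run_sample():
    return analyze(parse_trace(SAMPLE_TRACE), SAMPLE_STRATEGY)


if __name__ == "__main__":
    ev = run_sample()
    print(f"kept {ev['kept']} instructions, dropped {ev['dropped']}")
    for s in ev["syscalls"]:
        print(f"syscall {s['number']} at {s['addr']:#x}, in mapped code: {s['in_code']}")
    for t in ev["rogue_transfers"]:
        print(f"rogue transfer {t['from']:#x} ({t['from_insn']}) -> {t['to']:#x}")
```

On the sample the execve call is reported as issued from non-code memory and the `jmp rax` at 0x401015 is reported as the transfer into it, which is exactly the kind of evidence memory and I/O snapshots alone cannot show. In a real deployment the trace would come from the emulator rather than a string, and the code ranges from the process's module list.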
Similar sources
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
Compiled low-level virtual instruction set simulation and profiling for code partitioning and ASIP-synthesis in hardware/software co-design
We present ongoing work and first results in static and detailed quantitative runtime analysis of LLVM byte code for the purpose of automatic procedural level partitioning and cosynthesis of complex software systems. Runtime behaviour is captured by reverse compilation of LLVM bytecode into augmented, self-profiling ANSI-C simulator programs retaining the LLVM instruction level. The actual glob...
Identification of High-Resolution Images of Child and Adolescent Pornography at Crime Scenes
In several countries, the possession of files containing child and adolescent pornography is a crime. Law-enforcement officers must be able to detect this type of content at crime scenes. The NuDetective Forensic Tool was developed to assist forensic examiners in the timely identification of such files at crime scenes. NuDetective automatically detects nudity in images and employs other techniq...
Efficient Protection of Path-Sensitive Control Security
Control-Flow Integrity (CFI), as a means to prevent control-flow hijacking attacks, enforces that each instruction transfers control to an address in a set of valid targets. The security guarantee of CFI thus depends on the definition of valid targets, which conventionally are defined as the result of a static analysis. Unfortunately, previous research has demonstrated that such a definition, a...
Quick Identification of Child Pornography in Digital Videos
The main objective of computer forensics is to find digital evidence of crimes. One of the most researched digital crimes is the sexual abuse of children, including the production, sharing and possession of child pornographic files. Aiming to quickly detect files of child pornography at crime scenes, the NuDetective Forensic Tool was previously developed and it uses techniques like nudity detect...
Publication date: 2010