2008 Fourth International Conference on Networked Computing and Advanced Information Management
An Automatic Identification of a Damaged Malicious File Using HMM against Anti-Forensics
September 02-September 04
ISBN: 978-0-7695-3322-3
BibTeX:
@inproceedings{10.1109/NCM.2008.255,
  author    = {Dongju Ryu and Minsoo Kim and Yong-Min Kim},
  title     = {An Automatic Identification of a Damaged Malicious File Using HMM against Anti-Forensics},
  booktitle = {Networked Computing and Advanced Information Management, International Conference on},
  volume    = {1},
  year      = {2008},
  isbn      = {978-0-7695-3322-3},
  pages     = {177-184},
  doi       = {10.1109/NCM.2008.255},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA}
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NCM.2008.255
Abstract:
These days, the increasing use of the Internet has brought many attempts to steal personal information. The offenders usually hide or destroy the evidence of their crimes to avoid arrest, which hinders investigation. To cope with this, investigators use various methods to find evidence, and forensic investigation techniques are also developing. Forensic tools can recover deleted files even after a disk has been formatted. However, it is hard to know a file's original attributes when its header is damaged. Data carving partly supports restoration, but it cannot determine the attributes of clusters in small units. In this paper, we study a way to find out the attributes of the original file even from small clusters. We also present a method to decide whether a damaged file is malicious by analyzing the properties of executable files. We use HMM modeling techniques for automatic detection, and propose an estimation method to identify malicious file information. Finally, we test the whole process by analyzing clusters after formatting a real system that contains attack code designed to disturb its recovery.
Index Terms:
Anti-Forensics, Forensics, Damaged Malicious File, File Recovery, Identification File Type
Citation:
Dongju Ryu, Minsoo Kim, Yong-Min Kim, "An Automatic Identification of a Damaged Malicious File Using HMM against Anti-Forensics," ncm, vol. 1, pp.177-184, 2008 Fourth International Conference on Networked Computing and Advanced Information Management, 2008