This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2013 IEEE CS Security and Privacy Workshops (SPW2013)
San Francisco, CA USA
May 23-May 24
ISBN: 978-1-4799-0458-7
Ahmed F. Shosha, Sch. of Comput. Sci. & Inf., Univ. Coll. Dublin, Dublin, Ireland
Lee Tobin, Sch. of Comput. Sci. & Inf., Univ. Coll. Dublin, Dublin, Ireland
Pavel Gladyshev, Sch. of Comput. Sci. & Inf., Univ. Coll. Dublin, Dublin, Ireland
Forensic analysis of a suspect program is a daily challenge encounters forensic analysts and law-enforcement. It requires determining the behavior of a suspect program found in a computer system subject to investigation and attempting to reconstruct actions that have been invoked in the system. In this research paper, a forensic analysis approach for suspect programs in an executable binary form is introduced. The proposed approach aims to reconstruct high level forensic actions and approximate action arguments from low level machine instructions; That is, reconstructed actions will assist in forensic inferences of evidence and traces caused by an action invocation in a system subject to forensics investigation.
Index Terms:
Concrete,Semantics,Security,Digital forensics,Registers,Prototypes
Citation:
Ahmed F. Shosha, Lee Tobin, Pavel Gladyshev, "Digital Forensic Reconstruction of a Program Action," spw, pp.119-122, 2013 IEEE CS Security and Privacy Workshops (SPW2013), 2013
Usage of this product signifies your acceptance of the Terms of Use.