Title :
Lightweight runtime reverse engineering of binary file format variants
Author :
van den Bos, Jeroen
Author_Institution :
Netherlands Forensic Inst. (NFI), The Hague, Netherlands
Abstract :
Binary file formats are regularly extended and modified, often unintentionally in the form of bugs in the implementations of applications and libraries that create files. Applications that need to read data from binary files created by other applications face the complicated task of supporting the many resulting variants. Lightweight implementation patterns to perform runtime reverse engineering can be used to handle common extensions, modifications and bugs. This increases application usability by generating fewer errors and provides useful automated feedback to maintainers. This paper describes a set of patterns that are the result of experience in developing and maintaining a collection of automated digital forensics tools. The patterns are illustrated through practical examples and can be directly applied by practitioners.
Keywords :
digital forensics; reverse engineering; applications; automated digital forensics tools; binary file format variants; bugs; extensions; libraries; lightweight runtime reverse engineering; modifications; Data structures; Encoding; Libraries; Maintenance engineering; Reverse engineering; Security; Transform coding;
Conference_Title :
Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), 2014 Software Evolution Week - IEEE Conference on
Conference_Location :
Antwerp
DOI :
10.1109/CSMR-WCRE.2014.6747196