DocumentCode
622763
Title
Digital Forensic Reconstruction of a Program Action
Author
Shosha, Ahmed F. ; Tobin, Lee ; Gladyshev, Pavel
Author_Institution
Sch. of Comput. Sci. & Inf., Univ. Coll. Dublin, Dublin, Ireland
fYear
2013
fDate
23-24 May 2013
Firstpage
119
Lastpage
122
Abstract
Forensic analysis of a suspect program is a daily challenge encountered by forensic analysts and law enforcement. It requires determining the behavior of a suspect program found in a computer system subject to investigation and attempting to reconstruct actions that have been invoked in the system. In this research paper, a forensic analysis approach for suspect programs in executable binary form is introduced. The proposed approach aims to reconstruct high-level forensic actions and approximate action arguments from low-level machine instructions; that is, reconstructed actions will assist in forensic inferences of evidence and traces caused by an action invocation in a system subject to forensic investigation.
Keywords
digital forensics; inference mechanisms; program diagnostics; action invocation; computer system; digital forensic reconstruction; executable binary form; forensic analysis; forensic inferences; forensics investigation; law-enforcement; machine instructions; program actions; suspect program; Concrete; Digital forensics; Prototypes; Registers; Security; Semantics;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy Workshops (SPW), 2013 IEEE
Conference_Location
San Francisco, CA
Print_ISBN
978-1-4799-0458-7
Type
conf
DOI
10.1109/SPW.2013.17
Filename
6565239