Detecting forensically relevant information from PE executables

Cyber forensics analysis is the procedure to find crucial evidence with respect to a crime from a digital media. Malware forensics and Network security plays a crucial role in the current scenario where malware attacks are a common problem. A malicious software which can be commonly termed as a malware would cause interruption to a computer operation and may collect necessary information or illegally access private systems. A malware may either take the form of a script, code, spyware and many other kinds of malicious programs. Reverse engineering principles are applied in this domain to analyze malware. It is the comprehensive process of breaking software to figure out how it works. This paper proposes an advanced and resource friendly malware forensics analysis procedure which uses the principles of static analysis to figure out the exact purpose of an executable file. Portable executable format can be explored with higher accuracy using the proposed method.