Title

Forensic Analysis Avoidance Techniques of Malware

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Computing, Health and Science

School

Computer and Information Science

RAS ID

5273

Comments

Originally published as: Brand, M. (2007). Forensic analysis avoidance techniques of malware. In Proceedings of the 5th Australian Digital Forensics Conference (pp. 59-66). Perth, Western Australia: Edith Cowan University.

Abstract

Anti-forensic techniques are increasingly being used by malware writers to avoid detection and analysis of their malicious code. Penalties for writing malware can include termination of employment, fines or even imprisonment. Malware writers are motivated not to get caught and are actively using subversive techniques to avoid forensic analysis. Techniques employed include obfuscation, anti-disassembly, encrypted and compressed data, data destruction and anti-debugging. Automated detection and classification work is progressing in this field. This includes statistical analysis of structures such as assembly instruction sequences, system calls and system dependence graphs, and classification through machine learning.
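The statistical approach named in the last sentence of the abstract, as an added illustration that is not part of the paper and uses none of its data: a nearest-centroid classifier over opcode bigram frequencies. The disassembly listings, the class labels ("benign" and "packed") and the treatment of nop as junk are all constructed for this example; a real pipeline would take mnemonics from a disassembler run over actual binaries. The strip_junk option shows why obfuscation by junk-instruction insertion, one of the avoidance techniques the abstract lists, degrades such features unless the analyst normalises them first.

```python
"""Opcode n-gram statistics as a feature for classifying disassembly listings.

Added example, not code from the paper. All sample listings below are
constructed by hand and heavily simplified (mnemonics only, no operands).
"""
from collections import Counter
from math import sqrt

# Constructed training data: two short "ordinary" function bodies and two
# listings that mimic a tiny decryption/unpacking loop (pushad ... popad jmp).
TRAINING_SET = {
    "benign": [
        "push mov sub mov call mov add pop ret",
        "push mov call mov test jz mov pop ret",
    ],
    "packed": [
        "pushad mov lea mov xor lodsb xor stosb loop popad jmp",
        "pushad mov lea xor lodsb xor stosb dec jnz popad jmp",
    ],
}

# Assumption for the demo: mnemonics that junk-insertion obfuscation scatters
# through code and that carry no weight for this feature.
JUNK_MNEMONICS = {"nop"}


def opcode_ngrams(listing, n=2, strip_junk=False):
    """Return normalised n-gram frequencies for a whitespace-separated mnemonic list."""
    ops = listing.split()
    if strip_junk:
        ops = [op for op in ops if op not in JUNK_MNEMONICS]
    counts = Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))
    total = sum(counts.values())
    return {gram: c / total for gram, c in counts.items()} if total else {}


def centroid(vectors):
    """Element-wise mean of a list of sparse frequency vectors (dicts)."""
    acc = Counter()
    for vec in vectors:
        acc.update(vec)  # Counter.update on a mapping adds the values
    return {gram: v / len(vectors) for gram, v in acc.items()}


def cosine(a, b):
    """Cosine similarity between two sparse vectors; 0.0 if either is empty."""
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def build_centroids(training=TRAINING_SET, n=2):
    """One centroid vector per class label, built from the training listings."""
    return {label: centroid([opcode_ngrams(s, n) for s in samples])
            for label, samples in training.items()}


CENTROIDS = build_centroids()


def classify(listing, n=2, strip_junk=False, centroids=CENTROIDS):
    """Return (best_label, similarity) for an unseen mnemonic listing."""
    query = opcode_ngrams(listing, n, strip_junk)
    scores = {label: cosine(query, c) for label, c in centroids.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]


if __name__ == "__main__":
    clean = "pushad mov xor lodsb xor stosb loop popad jmp"
    # Same loop with junk nops inserted, as an obfuscator might emit it.
    junked = "pushad nop mov nop xor lodsb nop xor stosb loop popad nop jmp"
    print("clean   :", classify(clean))
    print("junked  :", classify(junked))
    print("stripped:", classify(junked, strip_junk=True))
```

The junk-inserted listing is still assigned to the packed class here because several of its bigrams survive the padding, but its similarity drops sharply; stripping the padding before feature extraction restores the score of the unobfuscated loop. A real classifier would use larger n, operand classes and far more samples, but the normalisation step is the part an obfuscator is attacking.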

DOI

10.4225/75/57ad403c7ff2a
