Australian Digital Forensics Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


This paper will look at the current state of visualization in relation to mainly malware collector logs, network logs and the possibility of visualizing their payloads. We will show that this type of visualization of activity on the network can help us in the forensic investigation of the traffic, which may contain unwanted pieces of cod, and may identify any patterns within the traffic or payloads that might help us determine the nature of the traffic visually. We will further speculate on a framework that could be built which would be able to finger print any type of malware, based on the theory that the basic structure of Malware code does not change, it may mutate but the internal structure stays the same. By passing it through either a current log Visualisation algorithm or a purpose built piece of visual inspection software which would output a 3D visual representation of the malware to screen or be further processed by a multipoint mapping utility similar to a finger print mapper, which would determine the base structure of the malware and categorise it. If we could finger print zero day virus by recognising visually, we may then able to detect and create an antidote to it much quicker and more efficiently than is currently being done by most antivirus vendors


6th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2008.