Evaluating Malware Forensics Tools

arxiv(2022)

引用 0|浏览21
暂无评分
摘要
We present an example implementation of the previously published Malware Analysis Tool Evaluation Framework (MATEF) to explore if a systematic basis for trusted practice can be established for evaluating malware artefact detection tools used within a forensic investigation. The application of the framework is demonstrated through a case study which presents the design of two example experiments that consider the hypotheses: (1) Is there an optimal length of time in which to execution malware for analysis and (2) Is there any observable difference between tools when observing malware behaviour? The experiments used a sample of 4,800 files known to produce network artefacts. These were selected at random from a library of over 350,000 malware binaries. The tools Process Monitor and TCPVCon, popular in the digital forensic community, are chosen as the subjects for investigating these two questions. The results indicate that it is possible to use the MATEF to identify an optimal execution time for a software tool used to monitor activity generated by malware.
更多
查看译文
关键词
malware forensics tools
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要