AUMFOR: Automated Memory Forensics for Malware Analysis
DOI: https://doi.org/10.51983/ajeat-2017.6.2.2781
Keywords: Memory Forensics, Live Memory Forensics, Volatile Memory Analysis, Malware Analysis, Forensic RAM Analysis, Volatility GUI, Automated Memory Forensics
Abstract
Cyber crimes and attacks are growing exponentially day by day, and every year companies worldwide lose billions of dollars to cyber attacks. It has become essential to investigate and identify the root of a cyber attack. One popular investigation technique is memory forensics, the analysis of the volatile data in a computer’s memory dump. Investigators conduct memory forensics to investigate and identify attacks or malicious behaviour that leave no easily detectable traces in hard drive data. A variety of tools is available for RAM analysis, including Volatility, which currently dominates the open source RAM forensic tools. However, using Volatility requires knowledge of its command line tool and of dynamic as well as static malware analysis, which makes the process very complex and tedious. The work described in this paper aims to help forensic investigators and researchers by providing a GUI-based tool for Automated Memory Forensics (AUMFOR). AUMFOR performs all of the complex and tedious work automatically; it also analyses the results and produces a final, accurate report on the possibility that malware was used in committing a crime.
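As an added illustration of the kind of Volatility automation the abstract describes (example code written for this page, not AUMFOR's own code), the script below parses constructed text output in the style of Volatility 2's `pslist` and `psscan` plugins, cross-references the two views and produces a short triage report: processes carved by `psscan` that the linked process list does not show and that have no exit time are candidates for hidden processes, and running processes whose parent is absent from `pslist` are listed for analyst review. The sample rows are constructed, and the assumption that Offset, Name, PID and PPID are the first four columns follows those two plugins' text renderers.

```python
import re
from dataclasses import dataclass

# Constructed sample rows in the style of Volatility 2 `pslist` output (not a real dump).
PSLIST_OUTPUT = """\
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
------------------ -------------------- ------ ------ ------ -------- ------ ------ ----------------------------
0xfffffa8001234560 System                    4      0     84      512 ------      0 2017-03-01 10:00:00 UTC+0000
0xfffffa8001345670 smss.exe                260      4      2       29 ------      0 2017-03-01 10:00:01 UTC+0000
0xfffffa8001456780 csrss.exe               340    260      9      420      0      0 2017-03-01 10:00:02 UTC+0000
0xfffffa8001567890 winlogon.exe            380    260      3      110      1      0 2017-03-01 10:00:03 UTC+0000
0xfffffa80016789a0 explorer.exe            900    880     30      900      1      0 2017-03-01 10:00:10 UTC+0000
"""

# Constructed sample rows in the style of Volatility 2 `psscan` output. psscan carves
# process objects from physical memory, so it also finds exited and unlinked processes.
PSSCAN_OUTPUT = """\
Offset(P)          Name                PID   PPID PDB                Time created                 Time exited
------------------ ---------------- ------ ------ ------------------ ---------------------------- ----------------------------
0x000000003e1a1560 System                4      0 0x0000000000187000 2017-03-01 10:00:00 UTC+0000
0x000000003e1b2670 smss.exe            260      4 0x000000001a2b3000 2017-03-01 10:00:01 UTC+0000
0x000000003e1c3780 csrss.exe           340    260 0x000000001b3c4000 2017-03-01 10:00:02 UTC+0000
0x000000003e1d4890 winlogon.exe        380    260 0x000000001c4d5000 2017-03-01 10:00:03 UTC+0000
0x000000003e1e59a0 explorer.exe        900    880 0x000000001d5e6000 2017-03-01 10:00:10 UTC+0000
0x000000003e1f6ab0 notepad.exe        2000    900 0x000000001e6f7000 2017-03-01 10:04:00 UTC+0000 2017-03-01 10:04:30 UTC+0000
0x000000003e207bc0 dropper.exe        1337    900 0x000000001f708000 2017-03-01 10:05:00 UTC+0000
"""

TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
DATA_ROW_RE = re.compile(r"^0x[0-9a-fA-F]+\s")


@dataclass
class Proc:
    name: str
    pid: int
    ppid: int
    exited: bool = False


def parse_plugin_output(text):
    """Parse pslist/psscan style rows into {pid: Proc}. Header and separator lines are
    skipped; data rows are recognised by the leading hex offset."""
    procs = {}
    for line in text.splitlines():
        if not DATA_ROW_RE.match(line):
            continue
        fields = line.split()
        name, pid, ppid = fields[1], int(fields[2]), int(fields[3])
        # A second timestamp on a psscan row is the exit time: the process terminated,
        # which legitimately explains its absence from the linked pslist view.
        exited = len(TIMESTAMP_RE.findall(line)) >= 2
        procs[pid] = Proc(name, pid, ppid, exited)
    return procs


def cross_reference(pslist, psscan):
    """Return candidates for review: running processes that psscan carved but pslist
    does not link (possible unlinking), and pslist processes whose parent is gone."""
    hidden = [p for pid, p in psscan.items() if pid not in pslist and not p.exited]
    # Orphans are only a review list: e.g. explorer.exe's parent normally exits early.
    orphans = [p for p in pslist.values() if p.ppid != 0 and p.ppid not in pslist]
    return {"hidden": hidden, "orphans": orphans}


def report(pslist_text, psscan_text):
    """Render the cross-reference result as one line per finding."""
    res = cross_reference(parse_plugin_output(pslist_text), parse_plugin_output(psscan_text))
    lines = [f"HIDDEN  {p.name} (PID {p.pid}, PPID {p.ppid}): carved by psscan, absent from pslist, no exit time"
             for p in res["hidden"]]
    lines += [f"ORPHAN  {p.name} (PID {p.pid}): parent PID {p.ppid} not in pslist"
              for p in res["orphans"]]
    return lines


if __name__ == "__main__":
    for line in report(PSLIST_OUTPUT, PSSCAN_OUTPUT):
        print(line)
```

On the constructed sample the report flags `dropper.exe` (PID 1337) as hidden and lists `explorer.exe` as an orphan; `notepad.exe` is not flagged because its exit time shows it terminated normally. A tool like the one the abstract describes would feed real plugin output into the same kind of cross-check and carry the findings into its final report.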
License
Copyright (c) 2017 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.