Design and Development of Forensic Analysis Toolkit for Analyzing Malware Binary

Abstract

Forensic analysis is a very old field of crime investigation. Lots of work has been done into development technology for this field. Earlier the chemical sciences were used to perform various kinds of analyses in case of some crime investigation. But as the way of committing crimes has changed so there exists a great need to investigate such matters with same modern technology. Cyber crimes have now become latest kind of crimes where computer may be involved directly or indirectly. One way the computer would have been used indirectly i.e. for sending the mail etc for communication to another partner. In another way the direct involvement means attacking computer/network itself for gathering some sort of information, corrupting the computer data, causing the target network to go down or various other sort of attacks. The very common sort of attacks that are occurring in today’s world are caused by malwares spreading day by day in large computer networks. In this thesis the intent is to explain details about computer forensics. The malware binaries will be analyzed and primary aim will be to find that what sort of information can be obtained from the malware binary that would have been found on some infected system. Secondary aim would be to develop a tool that would provide some automated analysis results of forensic analysis of the malware binary. These tools may further be extended to more refined toolkit to add more analysis steps for better and elaborated results.