Abstract
As the frequency of computer crime increases, computer forensics has become a central concern of information security. One area of computer forensics is restoring deleted information, detecting hidden information, and determining what that information means. However, current forensic investigation does not cover the results of present research on restoring binary data and analysing the meaning of the information. For this reason we propose techniques for recovering original data and for deciding whether a recovered fragment belongs to an executable file. The proposed detection method is based on the structure of an ELF file, which consists of a header followed by a large number of assembly operation codes. If the ratio of detected assembly instructions to the size of a file fragment exceeds a fixed value (threshold), we decide that the fragment is a section of an executable file.
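The two tests the abstract describes, a header check and an instruction-density check, can be sketched as follows. This is an added illustration, not the paper's code: the opcode table is a small, hand-picked subset of IA-32 encodings (a production carver would use a full disassembler), the threshold value 0.6 is an assumption because the paper's threshold is not given on this page, and the three fragments at the bottom are constructed for the example. It also shows a caveat the abstract leaves implicit: several ASCII letters and punctuation marks (e.g. 'p'..'z', '!', '#', ';') are valid one- or two-byte opcodes, so plain text never scores zero, which is why a threshold rather than a simple presence test is needed.

```python
"""Heuristic carving of ELF executable fragments (added example).

A fragment is flagged as executable either because it carries an ELF
header (ELF_MAGIC at offset 0) or because a large enough share of its
bytes can be decoded as IA-32 instructions by a linear sweep.
"""
import struct

ELF_MAGIC = b"\x7fELF"
THRESHOLD = 0.6  # assumption: minimum recognised-byte ratio to call a fragment "code"

# One-byte instructions: push/pop r32, nop, ret, leave, int3.
ONE_BYTE = set(range(0x50, 0x60)) | {0x90, 0xC3, 0xC9, 0xCC}
# Opcode + 8-bit immediate: Jcc rel8, jmp rel8, push imm8, int imm8.
OP_IMM8 = set(range(0x70, 0x80)) | {0xEB, 0x6A, 0xCD}
# Opcode + 32-bit immediate: mov r32,imm32; call/jmp rel32; push imm32.
OP_IMM32 = set(range(0xB8, 0xC0)) | {0xE8, 0xE9, 0x68}
# Opcode + ModRM (+ optional SIB / displacement): add, or, and, sub, xor, cmp, test, mov, lea.
OP_MODRM = {0x01, 0x03, 0x09, 0x0B, 0x21, 0x23, 0x29, 0x2B,
            0x31, 0x33, 0x39, 0x3B, 0x85, 0x89, 0x8B, 0x8D}
OP_MODRM_IMM8 = {0x83}          # group-1 ALU op r/m32, imm8
OP_MODRM_IMM32 = {0x81, 0xC7}   # group-1 ALU op r/m32, imm32; mov r/m32, imm32


def modrm_len(buf, i):
    """Length of ModRM + SIB + displacement starting at buf[i]; None if truncated."""
    if i >= len(buf):
        return None
    mod, rm = buf[i] >> 6, buf[i] & 7
    if mod == 3:                      # register operand, no memory encoding
        return 1
    length = 1
    if rm == 4:                       # SIB byte follows
        if i + 1 >= len(buf):
            return None
        length += 1
        if mod == 0 and (buf[i + 1] & 7) == 5:
            length += 4               # [index*scale + disp32], no base
    elif mod == 0 and rm == 5:
        length += 4                   # [disp32]
    if mod == 1:
        length += 1                   # disp8
    elif mod == 2:
        length += 4                   # disp32
    return length


def insn_len(buf, i):
    """Length of the instruction at buf[i], or 0 if it is not in the table or is truncated."""
    op = buf[i]
    if op in ONE_BYTE:
        n = 1
    elif op in OP_IMM8:
        n = 2
    elif op in OP_IMM32:
        n = 5
    elif op in OP_MODRM or op in OP_MODRM_IMM8 or op in OP_MODRM_IMM32:
        m = modrm_len(buf, i + 1)
        if m is None:
            return 0
        n = 1 + m + (1 if op in OP_MODRM_IMM8 else 4 if op in OP_MODRM_IMM32 else 0)
    else:
        return 0
    return n if i + n <= len(buf) else 0


def instruction_ratio(buf):
    """Share of bytes covered by recognised instructions in a linear sweep."""
    i = recognised = 0
    while i < len(buf):
        n = insn_len(buf, i)
        if n:
            recognised += n
            i += n
        else:
            i += 1                    # unknown byte: resynchronise one byte later
    return recognised / len(buf) if buf else 0.0


def parse_elf_ident(buf):
    """Decode the ELF identification fields if buf starts with an ELF header, else None."""
    if not buf.startswith(ELF_MAGIC) or len(buf) < 20:
        return None
    ei_class, ei_data = buf[4], buf[5]
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(order + "HH", buf[16:20])
    return {"class": {1: "ELF32", 2: "ELF64"}.get(ei_class, "unknown"),
            "endian": {1: "little", 2: "big"}.get(ei_data, "unknown"),
            "e_type": e_type, "e_machine": e_machine}


def classify_fragment(buf, threshold=THRESHOLD):
    """'elf-header', 'code' (ratio >= threshold) or 'data'."""
    if parse_elf_ident(buf) is not None:
        return "elf-header"
    return "code" if instruction_ratio(buf) >= threshold else "data"


# Constructed samples (not taken from any real disk image).
# push ebp; mov ebp,esp; sub esp,8; mov eax,[ebp+8]; mov edx,[ebp+0xc]; add eax,edx;
# leave; ret; xor ebx,ebx; mov eax,1; int 0x80
CODE_FRAGMENT = bytes.fromhex("55 89e5 83ec08 8b4508 8b550c 01d0 c9 c3 31db b801000000 cd80")
TEXT_FRAGMENT = b"Fragment of a deleted text file.\n"
# e_ident (ELF32, little-endian, version 1) + padding + e_type=ET_EXEC, e_machine=EM_386
ELF_HEADER_FRAGMENT = bytes([0x7F, 0x45, 0x4C, 0x46, 1, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 3)

if __name__ == "__main__":
    for name, frag in [("code", CODE_FRAGMENT), ("text", TEXT_FRAGMENT), ("elf", ELF_HEADER_FRAGMENT)]:
        print(f"{name:5s} ratio={instruction_ratio(frag):.3f} -> {classify_fragment(frag)}")
```

On the constructed inputs the code fragment decodes completely (ratio 1.0), while the text fragment still scores about 0.30 because 'r', 't' and 'x' fall in the Jcc rel8 range; the gap between those two numbers is what the threshold has to sit in, and a real deployment would calibrate it on known text, compressed data and code sections rather than pick 0.6 by hand.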
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Park, JH., Kim, Ms., Noh, BN. (2004). Detection Techniques for ELF Executable File Using Assembly Instruction Searching. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_29
DOI: https://doi.org/10.1007/978-3-540-24707-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4