Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

Detection Techniques for ELF Executable File Using Assembly Instruction Searching

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3043))

Included in the following conference series:

  • 621 Accesses

Abstract

As the frequency of computer crime is increasing, computer forensics became the center of interest in information security. A region of computer forensics is to restore the deleted information, to detect the hidden information, and to find out the meaning of the information. However, the result of present research restoring binary data and analyzing the meaning of the information is not covered by forensics investigation. This is the reason why we suggest some techniques for recovering original data and figuring out whether it is a fragment of executable file. Suggested detection method is based on the structure of ELF file consisting of a header and a lot of assembly operation codes. If the ratio of detected assembly instructions to size of a file fragment is over than fixed value (threshold), then we decide that the fragment is one section of executable file.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 74.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Garber, L.: ‘EnCase: A Case Study in Computer-Forensic Technology. IEEE Computer Magazine, 202–205 (January 2001)

    Google Scholar 

  2. Guidance Software, EnCase Legal Journal, Second Edition (2003)

    Google Scholar 

  3. Farmer, D., Wietse, Venema, The coroner’s toolkit (TCT), available at: http://www.porcupine.org/forensics/tct.html

  4. Carrier, B.: Personal Digital Forensics Research available at: http://www.cerias.purdue.edu/homes/carrier/forensics/index.html

  5. Marcella, A.J., Greenfield, R.S.: Cyber Forensics: A field manual for collecting, examining, and preserving evidence of computer crimes, Auerbach Publications (2002)

    Google Scholar 

  6. Intel Corporation, The IA-32 Intel Architecture Software Developer’s Manual (2003)

    Google Scholar 

  7. Chuvakin, A.: Linux Data Hiding and Recovery, available at: http://www.linuxsecurity.com/feature_stories/data-hiding-forensics.html

  8. Nagpal, R.: Recovery of Digital Evidence, available at: http://www.asianlaws.org/cyberlaw/library/cc/dig_evi.htm

  9. Vacca, J.R.: Computer Crime Scene Investigation, Charles River media (2002)

    Google Scholar 

  10. Kruse II, W.G., Heiser, J.G.: Computer Forensics: Incident Response Essentials. Addison Wesley, Reading (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, JH., Kim, Ms., Noh, BN. (2004). Detection Techniques for ELF Executable File Using Assembly Instruction Searching. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics