
Analyzing Forensic Anatomization of Windows Artefacts for Bot-Malware Detection

  • Conference paper
  • Information and Communication Technology for Intelligent Systems (ICTIS 2020)

Abstract

To analyse and detect early-stage bot-malware infections on a user machine, we need approaches that complement current anti-virus and signature-based bot-malware detection. Our in-depth study forensically investigates various Windows Registry artefacts that can be used to uncover traces of bot-malware infection on the system. Further, we suggest the System Resource Usage Monitor (SRUM), a diagnostic feature introduced with Windows 8, as a source of potential artefacts for early detection of bot-malware infection. This study may assist forensic examiners in detecting bot-malware at the system level in the absence of logging, or when the malicious application has been deliberately removed by the attacker.
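The three artefact classes the abstract relies on (Registry autostart entries scoped to all accounts or to one account, Prefetch execution records, and the SRUM database) can be triaged on a live host with a short script. The PowerShell below is an added example written for this page; it is not code from the paper or its authors. The fixed list of Run keys, the "launched from a user-writable directory or lacking a valid Authenticode signature" heuristic, and the choice of which SRUM facts to report are my assumptions for illustration, not findings of the study.

```powershell
# Added example, not from the paper. Run in an elevated PowerShell on the suspect host.
# Assumption (mine): an autostart target under a user-writable directory, a missing
# file, or an invalid/absent signature is worth an examiner's attention.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',               # all user accounts
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',               # only the logged-on account
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an unprivileged process can write to (assumed triage heuristic, not a signature).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC)

# Provider properties that Get-ItemProperty adds and that are not registry values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-CommandImagePath {
    param([string]$Command)
    # Pull the executable out of a Run value such as  "C:\Users\x\AppData\Roaming\svc.exe" -silent
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $Command
}

function Get-RunKeyArtefacts {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $image = [Environment]::ExpandEnvironmentVariables((Get-CommandImagePath $p.Value))
            if (-not [IO.Path]::IsPathRooted($image)) {
                # Bare names such as rundll32.exe resolve through PATH, as the shell would do.
                $cmd = Get-Command $image -ErrorAction SilentlyContinue | Select-Object -First 1
                if ($cmd -and $cmd.Source) { $image = $cmd.Source }
            }
            $exists = Test-Path -LiteralPath $image -PathType Leaf
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $image).Status } else { 'MissingFile' }
            $inUserDir = @($userWritable | Where-Object { $_ -and $image.StartsWith($_, 'OrdinalIgnoreCase') }).Count -gt 0
            [pscustomobject]@{
                Key        = $key
                ValueName  = $p.Name
                Image      = $image
                Signature  = $sig
                Suspicious = ($inUserDir -or $sig -ne 'Valid')
            }
        }
    }
}

function Get-PrefetchArtefacts {
    param([int]$Newest = 20)
    # Prefetch files record program execution (Windows 8 keeps the last eight run times
    # inside each .pf, see note 4). Only the files are listed here; the embedded
    # timestamps need a Prefetch parser, which this example does not implement.
    $dir = Join-Path $env:SystemRoot 'Prefetch'
    if (-not (Test-Path $dir)) { return @() }
    Get-ChildItem -Path $dir -Filter '*.pf' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Newest Name, LastWriteTime, Length
}

function Get-SrumArtefacts {
    # SRUM's on-disk store is an ESE database that the SRUM service holds open while
    # Windows runs. Report where it is, its size, and the registered provider
    # extensions; parse a copy offline with a tool such as srum-dump (note 8).
    $db  = Join-Path $env:SystemRoot 'System32\sru\SRUDB.dat'
    $ext = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SRUM\Extensions'
    [pscustomobject]@{
        DatabasePath = $db
        Present      = Test-Path $db
        SizeBytes    = if (Test-Path $db) { (Get-Item $db).Length } else { 0 }
        Extensions   = if (Test-Path $ext) { (Get-ChildItem $ext).PSChildName } else { @() }
    }
}

Get-RunKeyArtefacts | Where-Object Suspicious | Format-Table -AutoSize
Get-PrefetchArtefacts | Format-Table -AutoSize
Get-SrumArtefacts | Format-List
```

The HKLM keys correspond to note 1 (all accounts) and the HKCU keys to note 2 (only the account the malware entered through); to cover other profiles, load their NTUSER.DAT hives or enumerate HKU:\ instead of HKCU:. The script does not open SRUDB.dat itself because the live database is locked, which is why the abstract's SRUM evidence is normally examined from an image or a volume-shadow copy.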


Notes

  1. Applicable to all user accounts.
  2. Applicable only to the user account through which the malware gained entry.
  3. Windows Storage Directory.
  4. In Windows 8, the last eight execution timestamps are captured.
  5. Available in Windows Registry at.
  6. Spotify Music Application: https://www.spotify.com/in/.
  7. https://marketing.accessdata.com/ftkimager4.2.0.
  8. https://github.com/MarkBaggett/srum-dump.


Author information

Corresponding author: Mohona Ghosh


Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Gupta, V., Ghosh, M., Baliyan, N. (2021). Analyzing Forensic Anatomization of Windows Artefacts for Bot-Malware Detection. In: Senjyu, T., Mahalle, P.N., Perumal, T., Joshi, A. (eds) Information and Communication Technology for Intelligent Systems. ICTIS 2020. Smart Innovation, Systems and Technologies, vol 195. Springer, Singapore. https://doi.org/10.1007/978-981-15-7078-0_61
