Abstract
To analyse and detect early-stage Bot-malware infections on a user machine, we need approaches that complement the current anti-virus and signature-based approaches to Bot-malware detection. Our in-depth study forensically investigates various artefacts of the Windows Registry that can be used to uncover traces of Bot-malware infection on the system. Further, we propose the System Resource Usage Monitor (SRUM), a diagnostic feature introduced with Windows 8, as a source of potential artefacts for the early detection of Bot-malware infection. This study may assist forensic experts in detecting Bot-malware at the system level in the absence of logging, or when the malicious application has been deliberately removed by the attacker.
Notes
1. Applicable to all user accounts.
2. Applicable only to the user account through which the malware gained entry.
3. Windows Storage Directory.
4. In Windows 8, the last eight execution timestamps are captured.
5. Available in Windows Registry at.
6. Spotify Music Application: https://www.spotify.com/in/.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Gupta, V., Ghosh, M., Baliyan, N. (2021). Analyzing Forensic Anatomization of Windows Artefacts for Bot-Malware Detection. In: Senjyu, T., Mahalle, P.N., Perumal, T., Joshi, A. (eds) Information and Communication Technology for Intelligent Systems. ICTIS 2020. Smart Innovation, Systems and Technologies, vol 195. Springer, Singapore. https://doi.org/10.1007/978-981-15-7078-0_61
DOI: https://doi.org/10.1007/978-981-15-7078-0_61
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-7077-3
Online ISBN: 978-981-15-7078-0
eBook Packages: Intelligent Technologies and Robotics (R0)