Research Article
Digital Forensic Analysis on Runtime Instruction Flow
@INPROCEEDINGS{10.1007/978-3-642-23602-0_15,
  author={Juanru Li and Dawu Gu and Chaoguo Deng and Yuhao Luo},
  title={Digital Forensic Analysis on Runtime Instruction Flow},
  proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers},
  proceedings_a={E-FORENSICS},
  year={2012},
  month={10},
  keywords={Digital forensics Dynamic analysis Instruction flow Virtual machine Emulation},
  doi={10.1007/978-3-642-23602-0_15}
}
- Juanru Li
- Dawu Gu
- Chaoguo Deng
- Yuhao Luo
Year: 2012
E-FORENSICS
Springer
DOI: 10.1007/978-3-642-23602-0_15
Abstract
A computer system’s runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ignored. We present a novel approach to runtime instruction forensic analysis and have developed a forensic system which collects instruction flow and extracts digital evidence. The system is based on a whole-system emulation technique, and analysts are allowed to define an analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and malware forensics.