COEN 252 Computer Forensics


COEN 252 Computer Forensics Investigating Hacker Tools

Program Analysis
Given an executable, how do we find out what it does?
Try to find the program online.
Perform source code review.
Execute the program in a sandbox.

Program Compilation
Compiler -> Assembler -> Linker
Compiler: Translates HLL (high-level language) code to assembly or an intermediate language.
Assembler: Translates assembly code to machine language.
Linker: Creates object code out of several modules. A program usually makes library calls (stdio).

Program Compilation
Statically linked: All library code is part of the object code.
Dynamically linked: Program calls library functions (DLL).
Stripping: Removes all symbols from object code.
Packing with UPX.

Program Compilation
Static compilation needs more memory.

Program Analysis
Static Analysis:
Determine the type of executable: file in Unix, exetype in Windows.
Symbol extraction: Use a program like strings to find symbols left in object code. Names give hints on the program. Will not work for stripped files.
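As an added example (not part of the slides), the following Python script applies the static-analysis steps above to raw bytes: it recognises the format from the header the way `file` does, extracts printable runs the way `strings` does, and reads the linking, stripping and UPX-packing flags off those strings as heuristics. The two inputs are constructed samples, not real programs, and the flags are string heuristics that, as the slide notes, stop working once symbols are stripped or the image is packed.

```python
"""Static triage of an executable image: type, strings, linking, stripping, packing (added example)."""
import re
import struct

ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINES = {3: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def identify(data: bytes) -> str:
    """Rough equivalent of `file`: recognise the format from its header bytes."""
    if data[:4] == b"\x7fELF":
        bits = {1: 32, 2: 64}.get(data[4], "?")
        end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
        e_type, e_machine = struct.unpack(end + "HH", data[16:20])
        return (f"ELF {bits}-bit {'LSB' if end == '<' else 'MSB'} "
                f"{ELF_TYPES.get(e_type, e_type)}, {ELF_MACHINES.get(e_machine, hex(e_machine))}")
    if data[:2] == b"MZ":
        return "PE/MS-DOS executable"
    return "data (unknown format)"


def strings(data: bytes, min_len: int = 4) -> list:
    """Same idea as the Unix `strings` tool: runs of printable ASCII at least min_len long."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data: bytes) -> dict:
    """Combine the checks; every flag is a heuristic read off the leftover strings."""
    strs = strings(data)
    return {
        "type": identify(data),
        "packed_upx": any("UPX!" in s for s in strs),  # UPX leaves its marker in the image
        # a dynamically linked ELF names its loader, e.g. /lib64/ld-linux-x86-64.so.2
        "dynamically_linked": any(s.startswith("/lib") and "ld-" in s for s in strs),
        "stripped": ".symtab" not in strs,  # `strip` drops the symbol table and its section name
        "strings": strs,
    }


def build_sample(packed: bool) -> bytes:
    """Constructed input, not a real program: valid ELF64 x86-64 header plus typical leftover strings."""
    hdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # magic, 64-bit, LE, version 1, SysV ABI, pad
           + struct.pack("<HHI", 2, 0x3E, 1) + b"\0" * 40)  # e_type=EXEC, e_machine=x86-64, e_version
    if packed:  # a packer leaves its marker and little else that is printable
        return hdr + b"UPX!\0" + b"\xe9\x8b\x12\xff\x00\x7f\x80" * 16
    names = [b"/lib64/ld-linux-x86-64.so.2", b"libc.so.6", b"puts", b".symtab", b".strtab", b"Hello, World!"]
    return hdr + b"\0".join(names) + b"\0"
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`; the packed sample shows why the slide's strings step yields almost nothing once UPX has been applied.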

Program Analysis
Find the program online:
Use the name of the file to find online versions.
Use strings to check whether this is a similar file.
Use the same compiler to compile the online version and check for similarity.

Program Analysis
Investigate source code.

Program Analysis
Dynamic Analysis of a Hacker Tool:
Create a sandbox (VMware). Do not connect to the internet. Sniff on a closed network.
On Unix, use strace, which monitors OS calls.
On Windows, use Filemon, Regmon, ListDLLs, PsList, Fport.
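The strace step above produces one line per OS call, which is tedious to read by hand; as an added example (not from the slides), this Python script reduces such a log to the files, network peers and child programs the sandboxed tool touched. The trace text is a constructed sample in strace's output format, with made-up PIDs, paths and the documentation address 192.0.2.10, not a capture from a real tool.

```python
"""Summarise an strace log from a sandboxed run: files, network peers and programs touched."""
import re

# Constructed sample of `strace -f` output (not a capture from a real tool); PIDs, paths and the
# 192.0.2.10 address are made up for illustration.
SAMPLE_TRACE = """\
1234  execve("./suspect", ["./suspect"], 0x7ffd0000) = 0
1234  openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
1234  openat(AT_FDCWD, "/tmp/.cache", O_WRONLY|O_CREAT, 0600) = 4
1234  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
1234  connect(5, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1234  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1235
1235  execve("/bin/sh", ["/bin/sh", "-c", "id"], 0x7ffd0000) = 0
1235  openat(AT_FDCWD, "/nonexistent", O_RDONLY) = -1 ENOENT (No such file or directory)
"""

# pid, syscall name, argument text, numeric return value, optional errno name
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z]+))?")
QUOTED_RE = re.compile(r'"([^"]*)"')


def summarize(trace: str) -> dict:
    """Walk the log once and bucket the calls an analyst cares about."""
    summary = {"pids": set(), "files": set(), "failed_files": set(), "connects": set(), "execs": []}
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, call, args, ret, _errno = m.groups()
        summary["pids"].add(int(pid))
        if call in ("open", "openat", "stat", "access", "unlink"):
            path = QUOTED_RE.search(args).group(1)
            bucket = "failed_files" if int(ret) < 0 else "files"  # negative return = error
            summary[bucket].add(path)
        elif call == "connect":
            port = re.search(r"htons\((\d+)\)", args)
            addr = re.search(r'inet_addr\("([^"]+)"\)', args)
            if port and addr:
                summary["connects"].add((addr.group(1), int(port.group(1))))
        elif call == "execve":
            summary["execs"].append(QUOTED_RE.search(args).group(1))
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_TRACE).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```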