Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 252 Computer Forensics

Published byLionel Hines Modified over 6 years ago

Similar presentations

Presentation on theme: "COEN 252 Computer Forensics"— Presentation transcript:

1 COEN 252 Computer Forensics
Investigating Hacker Tools

2 Program Analysis Given an executable, how do we find out what it does?
Try to find the program online. Perform source code review. Execute the program in a sandbox.

3 Program Compilation Compiler Assembler Linker
Translates HLL code to Assembly / ILL Assembler Translates Assembly code to machine language Linker Creates object code out of several modules. A program usually makes library calls (stdio)

4 Program Compilation Statically Linked: All library code is part of the object code Dynamically Linked: Program calls library functions. (DLL) Stripping: Removes all symbols from object code. Packing with UPX.

5 Program Compilation Static compilation needs more memory

6 Program Analysis Static Analysis: Determine the type of executable.
file in Unix exetype in Windows Symbol Extraction: Use a program like strings to find symbols left in object code. Names give hints on program. Will not work for stripped files.

7 Program Analysis Find the program online:
Use the name of the file to find online versions. Use strings to check whether this is a similar file. Use same compiler to compile the online version and check for similarity.

8 Program Analysis Investigate source code

9 Program Analysis Dynamic Analysis of a Hacker Tool Create a sandbox.
VMWare Do not connect to the internet. Sniff on a closed network. On Unix, use strace. Monitors OS calls. On Windows, use Filemon, Regmon, ListDLLs, PsList, Fport

Download ppt "COEN 252 Computer Forensics"

Similar presentations

The Functions and Purposes of Translators Code Generation (Intermediate Code, Optimisation, Final Code), Linkers & Loaders.

The Functions and Purposes of Translators Code Generation (Intermediate Code, Optimisation, Final Code), Linkers & Loaders.
CS 31003: Compilers ANIRUDDHA GUPTA 11CS10004 G2 CLASS DATE : 24/07/2013.

CS 31003: Compilers ANIRUDDHA GUPTA 11CS10004 G2 CLASS DATE : 24/07/2013.
1 Starting a Program The 4 stages that take a C++ program (or any high-level programming language) and execute it in internal memory are: Compiler - C++

1 Starting a Program The 4 stages that take a C++ program (or any high-level programming language) and execute it in internal memory are: Compiler - C++
Systems Software.

Systems Software.
Investigating Malicious Software Steve Romig The Ohio State University April 2002.

Investigating Malicious Software Steve Romig The Ohio State University April 2002.
Software. What Is Software? software –Also called Computer programs –Are a list of instructions –Instructions are called code –CPU performs the instructions.

Software. What Is Software? software –Also called Computer programs –Are a list of instructions –Instructions are called code –CPU performs the instructions.
COEN 250 Computer Forensics Windows Life Analysis.

COEN 250 Computer Forensics Windows Life Analysis.
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Hacker Tools.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Hacker Tools.
COE 205 - 3 Computer Organization & Assembly Language Introduction HLL vs. Assembly Programming Languages.

COE Computer Organization & Assembly Language Introduction HLL vs. Assembly Programming Languages.
The Assembly Language Level

The Assembly Language Level
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Chapter 1 Introduction to C Programming. 1.1 INTRODUCTION This book is about problem solving with the use of computers and the C programming language.

Chapter 1 Introduction to C Programming. 1.1 INTRODUCTION This book is about problem solving with the use of computers and the C programming language.
Tanenbaum, Structured Computer Organization, Fifth Edition, (c) 2006 Pearson Education, Inc. All rights reserved. 0-13-148521-0 The Assembly Language Level.

Tanenbaum, Structured Computer Organization, Fifth Edition, (c) 2006 Pearson Education, Inc. All rights reserved The Assembly Language Level.
I NTRODUCTION TO C OMPUTER S OFTWARE. S OFTWARE & H ARDWARE ? Computer Instructions or data, anything that can be stored electronically is Software. Hardware.

I NTRODUCTION TO C OMPUTER S OFTWARE. S OFTWARE & H ARDWARE ? Computer Instructions or data, anything that can be stored electronically is Software. Hardware.
COMPUTER SOFTWARE Chapter 3. Software & Hardware? Computer Instructions or data, anything that can be stored electronically is Software. Hardware is one.

COMPUTER SOFTWARE Chapter 3. Software & Hardware? Computer Instructions or data, anything that can be stored electronically is Software. Hardware is one.
COEN 252 Computer Forensics Windows Evidence Acquisition Boot Disk.

COEN 252 Computer Forensics Windows Evidence Acquisition Boot Disk.
CCSA 221 Programming in C CHAPTER 2 SOME FUNDAMENTALS 1 ALHANOUF ALAMR.

CCSA 221 Programming in C CHAPTER 2 SOME FUNDAMENTALS 1 ALHANOUF ALAMR.
F13 Forensic tool analysis Dr. John P. Abraham Professor UTPA.

F13 Forensic tool analysis Dr. John P. Abraham Professor UTPA.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
© Janice Regan, CMPT 128, Jan. 2007 0 CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

Similar presentations

Ads by Google