A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header


KIPS Transactions on Computer and Communication Systems, Vol. 2, No. 1, pp. 43-50, Jan. 2013
DOI: 10.3745/KTCCS.2013.2.1.43

Abstract

File identification and analysis is an important step in computer forensics, since it determines which items need to be collected and analyzed as digital evidence. Efficient file classification supports this identification, especially in copyright infringement cases, where we often have to deal with huge numbers of files. Many file classification methods have been proposed so far, but they have mostly focused on classifying malicious behavior based on known information. Copyright infringement cases call for a different approach, since the files under examination include not only malicious code but also a vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of PE format files. Our method is useful in copyright infringement cases, as it can be applied to any PE format executable regardless of whether the file is malicious, packed, mutated, transformed, virtualized, or obfuscated.
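To make the idea of header-based grouping concrete, the following Python script (an added illustration, not code from the paper or its authors) parses the DOS, COFF and optional headers of PE images and groups files whose selected header fields match. The paper does not list the fields it compares; the choice here of the reserved `e_res`/`e_res2` words of the DOS header and the linker version from the optional header is an assumption made for illustration, and the sample images are constructed in the script rather than taken from real files.

```python
"""Toy PE header fingerprinting for file grouping (added illustration).

Assumption: the fingerprint uses header fields the loader does not need in
order to run the file (DOS e_res/e_res2 reserved words, linker version).
The paper does not specify its fields; these are illustrative choices.
"""
import struct
from collections import defaultdict

DOS_HEADER_SIZE = 64        # IMAGE_DOS_HEADER is 64 bytes
COFF_HEADER_SIZE = 20       # IMAGE_FILE_HEADER is 20 bytes
OPTIONAL_HEADER_SIZE = 224  # standard PE32 optional header size (0xE0)
PE_SIGNATURE = b"PE\0\0"


def build_pe_image(e_res, e_res2, linker_major, linker_minor, timestamp=0):
    """Construct a minimal PE byte image (constructed test data, not loadable)."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[0:2] = b"MZ"
    struct.pack_into("<4H", dos, 28, *e_res)             # e_res: 4 reserved words
    struct.pack_into("<10H", dos, 40, *e_res2)           # e_res2: 10 reserved words
    struct.pack_into("<I", dos, 60, DOS_HEADER_SIZE)     # e_lfanew: PE sig follows DOS header
    # Optional header: Magic 0x10B (PE32), then linker major/minor; rest zero-filled
    optional = struct.pack("<HBB", 0x10B, linker_major, linker_minor)
    optional += bytes(OPTIONAL_HEADER_SIZE - len(optional))
    # COFF header: Machine=i386, 1 section, timestamp, no symbols, opt size, EXE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(optional), 0x0102)
    return bytes(dos) + PE_SIGNATURE + coff + optional


def parse_pe_header(data):
    """Return the header fields of interest; raise ValueError on malformed input."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_res = struct.unpack_from("<4H", data, 28)
    e_res2 = struct.unpack_from("<10H", data, 40)
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    coff_off = e_lfanew + len(PE_SIGNATURE)
    # Bounds check before trusting e_lfanew: a hostile value must not crash the parser
    if coff_off + COFF_HEADER_SIZE > len(data) or data[e_lfanew:coff_off] != PE_SIGNATURE:
        raise ValueError("bad e_lfanew or PE signature")
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff_off)
    opt_off = coff_off + COFF_HEADER_SIZE
    if opt_size < 4 or opt_off + opt_size > len(data):
        raise ValueError("truncated optional header")
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt_off)
    return {
        "machine": machine, "sections": nsec, "timestamp": timestamp,
        "characteristics": chars, "magic": magic,
        "e_res": e_res, "e_res2": e_res2, "linker_version": (lmaj, lmin),
    }


def header_fingerprint(data):
    """Key used for grouping: fields a build toolchain leaves behind, not the content."""
    h = parse_pe_header(data)
    return (h["e_res"], h["e_res2"], h["linker_version"])


def classify(files):
    """Group {name: bytes} by header fingerprint; unparseable files get their own bucket."""
    groups = defaultdict(list)
    for name, data in sorted(files.items()):
        try:
            key = header_fingerprint(data)
        except ValueError:
            key = "unparseable"
        groups[key].append(name)
    return dict(groups)


# Constructed sample set: a and b differ only in timestamp, c in e_res, d in linker version,
# e is not a PE file at all.
ZERO4 = (0,) * 4
ZERO10 = (0,) * 10
SAMPLES = {
    "a.exe": build_pe_image(ZERO4, ZERO10, 14, 0, timestamp=1),
    "b.exe": build_pe_image(ZERO4, ZERO10, 14, 0, timestamp=2),
    "c.exe": build_pe_image((0x1234, 0, 0, 0), ZERO10, 14, 0),
    "d.exe": build_pe_image(ZERO4, ZERO10, 9, 0),
    "e.bin": b"\x7fELF" + bytes(60),
}

if __name__ == "__main__":
    for key, names in classify(SAMPLES).items():
        print(key, "->", names)
```

The grouping is deliberately independent of the file body, which is why it still applies to packed or obfuscated files: those transformations rewrite sections, but the header fields compared here are emitted by the build tools and usually survive. The bounds checks in `parse_pe_header` matter in a forensic setting, where a tool will be fed deliberately malformed inputs.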




Cite this article
[IEEE Style]
J. S. Kim, J. M. Kang, K. S. Kim, W. Shin, "A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header," KIPS Transactions on Computer and Communication Systems, vol. 2, no. 1, pp. 43-50, 2013. DOI: 10.3745/KTCCS.2013.2.1.43.

[ACM Style]
Jung Sun Kim, Jung Min Kang, Kang San Kim, and Wook Shin. 2013. A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header. KIPS Transactions on Computer and Communication Systems, 2, 1, (2013), 43-50. DOI: 10.3745/KTCCS.2013.2.1.43.