A Study on the Live Forensic Techniques for Anomaly Detection in User Terminals
Recently, malware has been created to steal a user's permissions via C&C botnets and stopover servers. It causes information leakage by arbitrarily modifying or creating system files, which exposes the limitations of the conventional pattern matching and signature-based detection used by anti-virus (vaccine) software. Digital forensic techniques, traditionally used to analyze system intrusion incidents, can be applied to detect anomalous behavior that may occur in the user terminal environment. In particular, when analyzing user terminals, automated live forensic techniques serve as a supporting tool for malicious code (malware) detection. The authors suggest a way to take advantage of live forensic techniques for the anomaly detection of malware.
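One concrete form of the live forensic check the abstract describes is a file-integrity comparison: record a baseline of the terminal's system files, take a fresh snapshot later, and report files that were created, modified or deleted. The following is an added example, not code from the paper, and it assumes a hash-based baseline/compare approach rather than any specific method the authors use; the directory layout and file contents are constructed in a temporary directory purely for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Walk root and map each regular file's relative path to its SHA-256.

    Symlinks are skipped so a link pointing outside root is not hashed as
    if it were a file inside the monitored tree.
    """
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                result[p.relative_to(root).as_posix()] = hash_file(p)
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Compare two snapshots and classify every difference.

    Created files and modified files are the signals most relevant to the
    dropped/altered system files discussed above; deleted files are kept
    as well because log removal is also worth flagging.
    """
    base_keys, cur_keys = set(baseline), set(current)
    created = sorted(cur_keys - base_keys)
    deleted = sorted(base_keys - cur_keys)
    modified = sorted(k for k in base_keys & cur_keys if baseline[k] != current[k])
    return {"created": created, "modified": modified, "deleted": deleted}


def demo() -> dict:
    """Build a constructed mini file tree, baseline it, change it, and diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "var" / "log").mkdir(parents=True)
        # Constructed sample "system files" (not real system content).
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "var" / "log" / "auth.log").write_text("session opened for user alice\n")

        baseline = snapshot(root)

        # Simulated anomalous activity on the terminal (constructed):
        # one existing file altered, one new file dropped, one log removed.
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n198.51.100.7 example.test\n")
        (root / "etc" / "dropped.conf").write_text("unexpected=1\n")
        (root / "var" / "log" / "auth.log").unlink()

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the baseline would be taken from a known-clean image of the terminal and stored off-host, and the comparison would be run against directories that signature-based scanners do not specifically model (startup locations, host name resolution files, log directories), since this check keys on change rather than on a known malware pattern.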