Abstract
A computer system's runtime information is an essential part of digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions of processes are often ignored. We present a novel approach to runtime instruction forensic analysis and have developed a forensic system that collects the instruction flow and extracts digital evidence. The system is based on whole-system emulation, and analysts can define an analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and malware forensics.
Author biographies
Li Juanru is currently a Ph.D. candidate in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. He received his B.S. degree from Shanghai Jiao Tong University in 2007. His research interests include software security and side-channel attacks.
Gu Dawu is a full professor and a faculty member in the Computer Science and Engineering Department at Shanghai Jiao Tong University. He was awarded a B.S. degree in applied mathematics in 1992 and a Ph.D. degree in cryptography in 1998, both from Xidian University. He is a senior member of the China Computer Federation and is also a member of both IACR and ACM. He won the honor of New Century Excellent Talent, awarded by the Ministry of Education of China, in 2005. He was a visiting scholar at Tokyo University in 2002 and a senior research fellow at Katholieke Universiteit Leuven (KUL) in 2008. His main research interests focus on applied cryptography and computer security. He has over 90 scientific papers in academic journals and conferences.
Deng Chaoguo is currently a Master's candidate in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. He received his B.S. degree from Tong Ji University in 2008. His research interests include software security.
Luo Yuhao is currently a Ph.D. candidate in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. He received his B.S. degree from Tong Ji University in 2009. His research interests include software security.