  • DocumentCode
    2696274
  • Title
    Automated forensic extraction of encryption keys using behavioral analysis
  • Author
    Owen, Gareth
  • Author_Institution
    Univ. of Greenwich, London, UK
  • fYear
    2012
  • fDate
    26-28 June 2012
  • Firstpage
    171
  • Lastpage
    175
  • Abstract
    In this paper we describe a technique for automatic algorithm identification and information extraction from unknown binaries. We emulate the binary using PyEmu, forcing complete code coverage whilst simultaneously examining its behavior. Our behavior matcher then identifies specific algorithmic behavior and extracts information. We demonstrate the use of this technique for automated extraction of encryption keys from an unseen program with no prior knowledge about its implementation. Our technique can also be used for automatic categorization and suggestion of function purpose to analysts.
  • Keywords
    computer forensics; cryptography; program testing; program verification; PyEmu; algorithmic behavior; automated forensic extraction; automatic algorithm identification; automatic categorization; behavior matcher; behavioral analysis; complete code coverage; encryption keys; information extraction; Algorithm design and analysis; Data mining; Emulation; Encryption; Libraries; Malware; Software; behavioural analysis; binary analysis; encryption key extraction;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4673-1425-1
  • Type
    conf
  • DOI
    10.1109/CyberSec.2012.6246130
  • Filename
    6246130