Title :
Automated forensic extraction of encryption keys using behavioral analysis
Author_Institution :
Univ. of Greenwich, London, UK
Abstract :
In this paper we describe a technique for automatic algorithm identification and information extraction from unknown binaries. We emulate the binary using PyEmu forcing complete code coverage whilst simultaneously examining its behavior. Our behavior matcher then identifies specific algorithmic behavior and extracts information. We demonstrate the use of this technique for automated extraction of encryption keys from an unseen program with no prior knowledge about its implementation. Our technique can also be used for automatic categorization and suggestion of function purpose to analysts.
Keywords :
computer forensics; cryptography; program testing; program verification; PyEmu; algorithmic behavior; automated forensic extraction; automatic algorithm identification; automatic categorization; behavior matcher; behavioral analysis; complete code coverage; encryption keys; information extraction; Algorithm design and analysis; Data mining; Emulation; Encryption; Libraries; Malware; Software; behavioural analysis; binary analysis; encryption key extraction;
Conference_Titel :
Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4673-1425-1
DOI :
10.1109/CyberSec.2012.6246130
