Open Access
Ransomware Automatic Data Acquisition Tool
Author(s) -
Luis Javier Garcia Villalba,
Ana Lucila Sandoval Orozco,
Antonio Lopez Vivar,
Esteban Alejandro Armas Vega,
Tai-Hoon Kim
Publication year - 2018
Publication title - IEEE Access
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.587
H-Index - 127
ISSN - 2169-3536
DOI - 10.1109/access.2018.2868885
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
When ransomware attacks are reported to the authorities, local police units face technical difficulty in gathering information and performing proper forensic analysis. This paper proposes a forensic analysis tool that acts during the final stage of the ransomware infection cycle, giving the forensic analyst a quick and easy way to acquire valuable information and facilitating the subsequent classification of the ransomware. The proposed tool captures the pop-up window displayed by the ransomware and, through optical character recognition techniques, obtains the rescue message along with the payment address and value. In addition, it extracts the files generated by the ransomware and dumps the virtual memory of the system for analysis by the forensic technician. To evaluate the accuracy of the tool, experiments were conducted with different samples of ransomware on a real computer, under a controlled environment.
