Cybercriminals today are able to orchestrate and carry out massive or more targeted attacks, using malware as the means to invade and infect victims' machines and thus accomplish their malicious intents. Detecting and analyzing such attacks is not always feasible and can become a daunting and frustrating process. Targeted attacks are among the hardest to detect or analyze and pose a major security threat to organizations and large corporations, since such malware attacks are extremely sophisticated and may go unnoticed for a long period of time, magnifying the resulting damage.
Modern malicious instances are characterized by composite behavior and functionality. As malware evolves and becomes more sophisticated, malicious intruders gain the ability to adjust their behavior depending on the infected system and its surrounding environment. Malevolent behavior may be exhibited only upon recognition of specific system factors and the combination of several adjacent parameters and conditions. Certain behavioral aspects might be triggered only when specific environmental parameters are detected, so that the same malware behaves differently on each infected machine.
To overcome such shortcomings, we introduce a novel forensics methodology for assessing and reporting on the modus operandi of a malware sample in a specific organizational context. The proposed malware forensics framework facilitates multiple executions of the same malware in differently configured systems, in an automated manner, providing fast and inclusive results on how each malware sample behaves under a specific organizational context. The introduced analysis approach can correlate, analyze and interpret malware analysis results automatically, significantly reducing the time and effort needed to investigate and extract forensic intelligence from a collection of analysis reports.
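The correlation step described above, as an added illustration that is not the paper's own code: the sample is run once per system configuration, each run yields a report of observed behaviors, and the reports are then compared to separate behaviors common to every run from behaviors that appear only under particular environment parameters. The report structure, the event names and the environment parameters (`os`, `locale`, `domain_joined`) are constructed for this example and do not come from any real sandbox tool.

```python
"""Correlate analysis reports from repeated executions of one malware sample
under different system configurations, and flag behaviors that are only
exhibited under particular environment parameters (constructed illustration)."""
from collections import defaultdict

# Constructed sample reports: each entry is one execution of the same sample.
# "env" is the configuration of the analysis system; "events" are the behaviors
# observed during that run (hypothetical event names, not real tool output).
REPORTS = [
    {"run": 1, "env": {"os": "win10", "locale": "en-US", "domain_joined": False},
     "events": {"drop:temp\\svc.dll", "reg:Run\\svc", "net:dns:update.example"}},
    {"run": 2, "env": {"os": "win10", "locale": "ru-RU", "domain_joined": False},
     "events": {"drop:temp\\svc.dll", "exit:early"}},
    {"run": 3, "env": {"os": "win10", "locale": "en-US", "domain_joined": True},
     "events": {"drop:temp\\svc.dll", "reg:Run\\svc", "net:dns:update.example",
                "enum:domain_users"}},
    {"run": 4, "env": {"os": "win7", "locale": "en-US", "domain_joined": True},
     "events": {"drop:temp\\svc.dll", "reg:Run\\svc", "net:dns:update.example",
                "enum:domain_users"}},
]


def index_events(reports):
    """Map each observed event to the set of run ids in which it appeared."""
    seen = defaultdict(set)
    for r in reports:
        for ev in r["events"]:
            seen[ev].add(r["run"])
    return dict(seen)


def classify_events(reports):
    """Split events into those common to every run (universal) and those that
    only appeared in a subset of runs (environment-dependent)."""
    all_runs = {r["run"] for r in reports}
    seen = index_events(reports)
    universal = sorted(ev for ev, runs in seen.items() if runs == all_runs)
    conditional = sorted(ev for ev, runs in seen.items() if runs != all_runs)
    return universal, conditional


def explain_condition(reports, event):
    """Find environment parameters whose values cleanly separate the runs that
    exhibited the event from the runs that did not; each such parameter is a
    candidate trigger condition worth confirming manually."""
    with_ev = [r for r in reports if event in r["events"]]
    without_ev = [r for r in reports if event not in r["events"]]
    explanations = {}
    for param in reports[0]["env"]:
        vals_with = {r["env"][param] for r in with_ev}
        vals_without = {r["env"][param] for r in without_ev}
        # A parameter explains the event only if no value is shared by both groups.
        if vals_with and vals_without and not (vals_with & vals_without):
            explanations[param] = sorted(vals_with, key=str)
    return explanations


def build_summary(reports):
    """Produce the consolidated view an analyst would read: universal behaviors
    plus each conditional behavior with its candidate trigger parameters."""
    universal, conditional = classify_events(reports)
    return {
        "universal": universal,
        "conditional": {ev: explain_condition(reports, ev) for ev in conditional},
    }


if __name__ == "__main__":
    summary = build_summary(REPORTS)
    print("Behaviors seen in every configuration:")
    for ev in summary["universal"]:
        print("  ", ev)
    print("Environment-dependent behaviors and candidate triggers:")
    for ev, why in summary["conditional"].items():
        print("  ", ev, "->", why or "no single parameter explains it")
```

In the constructed data the sample exits early under a Russian locale, only registers persistence and resolves its update domain under an English locale, and only enumerates domain users on domain-joined hosts; the correlation surfaces each of these as a behavior tied to one parameter, which is exactly the kind of organizational-context finding the framework is meant to extract from a pile of individual reports.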