Journal: International Journal of Applied Engineering Research

Malicious Process Detection using OSA on a DFXML Evidence File


Abstract

Cyber-crime carried out by running malicious processes on workstations is becoming rampant in the information industries. Malicious processes are dangerous to sensitive information and must be detected as and when they are triggered. Various tools and techniques are available to detect such processes; of these, we focus on DFXML (Digital Forensics XML), a language used to exchange structured cyber-forensic information. We have an evidence file in DFXML format, captured from a malicious computer system, that contains the metadata of all running processes and other related information. We applied the OSA (Optimal String Alignment) algorithm to detect malicious processes in the evidence collected in DFXML format. This has greatly reduced the manual work that cyber-forensic investigators spend comparing all running processes against valid white-hat processes, aiding faster detection of malicious processes in cyber-forensic investigations.
