Title of invention: System and method for detecting malware targeting the boot process of a computer using boot process emulation
Abstract: System and method for detecting malware on a target computer system having a bootable device. Boot process information stored on the bootable device that at least partially defines a boot process of the target computer system is obtained, along with physical parameter data defining a storage arrangement structure of the bootable device. The boot process of the target computer system is emulated based on the boot process information and on the physical parameter data. The emulation includes executing instructions of the boot process information and tracking data accessed from the bootable device. A data structure representing the data accessed from the bootable device is stored during the emulation of the boot process. The data structure can be analyzed for any presence of boot process malware.
Publication number: US8365297(B1)  Publication date: 2013.01.29
Application number: US201213440442  Filing date: 2012.04.05
Applicant: KASPERSKY LAB ZAO;PARSHIN YURY G.;PINTIYSKY VLADISLAV V.  Inventor: PARSHIN YURY G.;PINTIYSKY VLADISLAV V.
Classification: H04L29/14  Main classification: H04L29/14