
Automated Windows Triaging & Malware Analysis: Triaging Windows system for hunting malicious process
Authors (Affiliation): Parag Shukla (School of Cyber Security and Digital Forensics, National Forensic Sciences University), Aditya Pratap (Digital Forensics & Information Security, School of Cyber Security and Digital Forensics, National Forensic Sciences University), Jay Teraiya (National Forensic Sciences University)
Abstract:

In order to detect and triage malicious processes on Windows machines, efficient and automated techniques need to be developed. Using a comprehensive suite of open-source tools and available Python libraries, this research project presents an innovative approach for automating the analysis of Windows machines. The primary objective is to enhance the capabilities of analysts by providing them with a program that can swiftly identify and analyze various security parameters, such as process PID-PPID relationships, network activities, and process command lines. By leveraging open-source tools, the proposed solution aims to streamline the triaging and analysis process, thereby addressing the challenge faced by analysts when encountering machines infected with malicious programs.
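As an added illustration, not the authors' tool or code, the following Python script applies the three triage parameters the abstract names (PID-PPID lineage, command line, network activity) to a constructed process snapshot; the process names, endpoints and flagging heuristics are assumptions made for the example, not findings from the paper.

```python
from collections import namedtuple

# One process record; `remote` holds remote endpoints of established sockets.
Proc = namedtuple("Proc", "pid ppid name cmdline remote", defaults=[()])

# Constructed sample snapshot (hypothetical values, not real telemetry); on a
# live host a collector such as psutil.process_iter() would fill this in.
SNAPSHOT = [
    Proc(4, 0, "System", ""),
    Proc(600, 4, "smss.exe", r"\SystemRoot\System32\smss.exe"),
    Proc(900, 600, "winlogon.exe", "winlogon.exe"),
    Proc(1200, 900, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(2300, 1200, "WINWORD.EXE", r"C:\Office\WINWORD.EXE /n report.docx"),
    Proc(2450, 2300, "powershell.exe", "powershell.exe -nop -w hidden -enc QUFBQQ==", ["203.0.113.5:443"]),
    Proc(3100, 7777, "svchost.exe", r"C:\Users\Public\svchost.exe", ["198.51.100.9:8080"]),
]

# Illustrative heuristics (assumptions for this example, not taken from the paper).
SHELLS = {"powershell.exe", "cmd.exe"}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}

def index(procs):
    return {p.pid: p for p in procs}

def lineage(by_pid, pid):
    """Follow PPID links back to the root; returns process names root-first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # `seen` guards against PID-reuse loops
        seen.add(pid)
        chain.append(by_pid[pid].name)
        pid = by_pid[pid].ppid
    return chain[::-1]

def triage(procs):
    """Map pid -> reasons from PID-PPID relationship, command line and network activity."""
    by_pid, findings = index(procs), {}
    for p in procs:
        reasons, parent, cmd = [], by_pid.get(p.ppid), p.cmdline.lower()
        if parent is None and p.ppid != 0:
            reasons.append(f"orphaned: parent PID {p.ppid} absent from snapshot")
        elif parent and parent.name.lower() in OFFICE and p.name.lower() in SHELLS:
            reasons.append(f"shell spawned by Office process {parent.name}")
        if " -enc " in cmd or "-w hidden" in cmd:
            reasons.append("encoded or hidden-window command line")
        if p.remote:
            reasons.append("established remote connections: " + ", ".join(p.remote))
        if reasons:
            findings[p.pid] = reasons
    return findings
```

Printing `lineage(index(SNAPSHOT), pid)` next to each entry of `triage(SNAPSHOT)` gives the analyst the full ancestry chain of every flagged process alongside the reasons it was flagged.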

Keywords: Automated analysis, Windows triaging, Malware analysis, Open-source tools, Security parameters
Vol & Issue: VOL.2, ISSUE No.1, June 2023