Automated forensic extraction of encryption keys using behavioural analysis

Gareth Owen

Research output: Contribution to conference › Paper › peer-review

Abstract

In this paper we describe a technique for automatic algorithm identification and information extraction from unknown binaries. We emulate the binary using PyEmu, forcing complete code coverage whilst simultaneously examining its behavior. Our behavior matcher then identifies specific algorithmic behavior and extracts information. We demonstrate the use of this technique for automated extraction of encryption keys from an unseen program with no prior knowledge about its implementation. Our technique can also be used for automatic categorization and suggestion of function purpose to analysts.
Original language: English
Publication status: Published - Jun 2012
Event: IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensics - Kuala Lumpur, Malaysia
Duration: 26 Jun 2012 to 28 Jun 2012

Conference

Conference: IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensics
Country/Territory: Malaysia
City: Kuala Lumpur
Period: 26/06/12 to 28/06/12