The analysis of computer files poses a difficult problem for security researchers seeking to detect and analyze malicious content, software developers stress testing file formats for their products, and other researchers seeking to understand the behavior and structure of undocumented file formats. Traditional tools, including hex editors, disassemblers and debuggers, while powerful, constrain analysis to primarily text-based approaches. In this paper, we present design principles for file analysis that support meaningful investigation when there is little or no knowledge of the underlying file format, but are flexible enough to allow integration of additional semantic information, when available. We also present results from the implementation of a visual reverse engineering system based on our analysis. We validate the efficacy of both our analysis and our system with case studies depicting analysis use cases where a hex editor would be of limited value. Our results indicate that visual approaches help analysts rapidly identify files, analyze unfamiliar file structures, and gain insights that inform and complement the suite of tools currently in use.