

























Cyber security attacks have become increasingly complex over time, with various phases of their kill chain, involving binaries, scripts, documents, executed commands, vulnerabilities, or network traffic. We propose a tool, GView, that is designed to investigate possible attacks by providing guided analysis for various file types using automatic artifact identification, extraction, coherent correlation &,inference, and meaningful & intuitive views at different levels of granularity w.r.t. revealed information. The concept behind GView simplifies navigation through all payloads in a complex attack, streamlining the process for security researchers, and Increasing the quality of analysis. GView is generic in the sense it supports a variety of file types and has multiple visualization modes that can be automatically adjusted for each file type alone. Our evaluation shows that GView significantly improves the analysis time of an attack compared to conventional tools used in forensics.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。