Forensic Analysis of a Ransomware
Animesh Kumar Agrawal1, Sumit Sah2, Pallavi Khatri3
1Animesh Kumar Agrawal*, Computer Science Department, ITM University Gwalior, India.
2Sumit Sah, Computer Science Department, ITM University Gwalior, India.
3Dr Pallavi Khatri, Computer Science Department, ITM University Gwalior, India.
Manuscript received on December 15, 2019. | Revised Manuscript received on December 20, 2019. | Manuscript published on January 10, 2020. | PP: 3618-3622 | Volume-9 Issue-3, January 2020. | Retrieval Number: C8385019320/2020©BEIESP | DOI: 10.35940/ijitee.C8385.019320
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: In the present digital world, malware is the most potent weapon. Malware, especially ransomware, is used in large-scale security breaches that cause huge losses of money and critical information for big firms and government organisations. In order to counter future ransomware attacks, it is necessary to carry out a forensic analysis of the malware. This experiment proposes a manual method for dynamic malware analysis so that security researchers or malware analysts can easily understand the behaviour of the ransomware and implement a better solution for reducing the risk of malware attacks in the future. For this experiment, Volatility, Regshot and the FTK Imager Lite forensics toolkit were used in a virtual and safe environment. The forensic analysis of the ransomware is done in a virtual setup to prevent any infection of the base machine and to allow detailed analysis of the behaviour of the malware under different conditions. Malware analysis is important because behavioural analysis helps in developing better mitigation techniques, thereby reducing infection risks. The research can prove effective in the development of a ransomware decryptor which can be used to recover data after an attack has encrypted the files.
Keywords: Malware Analysis, FTK Imager, Volatility, Virtual Box, Ransomware.
Scope of the Article: Analysis of Algorithms and Computational Complexity
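The abstract's method rests on comparing the state of the analysis VM before and after the sample runs (Regshot for the registry, FTK Imager and Volatility for disk and memory). The following is an added example, not code from the paper or from any of the tools it names: it models that before/after comparison in Python on a constructed filesystem and registry snapshot, then turns the raw diff into the two behavioural observations an analyst would record for ransomware (originals replaced by high-entropy copies, and a new autostart entry). All paths, registry keys, file bodies and the 7.5 bits/byte entropy threshold are constructed assumptions for illustration.

```python
"""
Added example, not code from the paper: a minimal before/after snapshot diff in
the spirit of Regshot, run over a constructed filesystem and registry snapshot.
Every path, key and file body below is constructed for illustration.
"""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, well
    below that for ordinary documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(files: dict, registry: dict) -> dict:
    """Reduce a system state to comparable records: file path -> (sha256,
    entropy), registry value path -> data."""
    return {
        "files": {p: (hashlib.sha256(b).hexdigest(), round(shannon_entropy(b), 2))
                  for p, b in files.items()},
        "registry": dict(registry),
    }


def diff_snapshots(before: dict, after: dict) -> dict:
    """Regshot-style comparison: what was added, removed or modified between
    the clean snapshot and the post-detonation snapshot."""
    out = {}
    for section in ("files", "registry"):
        b, a = before[section], after[section]
        out[section] = {
            "added": sorted(set(a) - set(b)),
            "removed": sorted(set(b) - set(a)),
            "modified": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
        }
    return out


def ransomware_indicators(diff: dict, after: dict, entropy_threshold: float = 7.5) -> list:
    """Turn the raw diff into behavioural observations an analyst would record.
    The threshold is an assumed value, not one taken from the paper."""
    findings = []
    entropy_of = {p: e for p, (_, e) in after["files"].items()}
    # Pattern 1: an original file disappears and a high-entropy file with the
    # same stem (plus a new extension) appears in its place.
    encrypted = [
        (old, new)
        for old in diff["files"]["removed"]
        for new in diff["files"]["added"]
        if new.startswith(old) and entropy_of[new] >= entropy_threshold
    ]
    if encrypted:
        findings.append(f"{len(encrypted)} file(s) replaced by high-entropy copies: "
                        + ", ".join(f"{o} -> {n}" for o, n in encrypted))
    # Pattern 2: a new autostart (Run key) value appeared after detonation.
    for key in diff["registry"]["added"]:
        if "\\CurrentVersion\\Run\\" in key:
            findings.append(f"new autostart entry {key} = {after['registry'][key]}")
    return findings


# --- constructed sample data (not captured from a real infection) ---------
def _pseudo_random(n_blocks: int = 256) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))


PLAINTEXT = b"Quarterly report: revenue grew 4 percent in Q3. " * 50
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
CLEAN = snapshot(
    files={"C:/Users/victim/Documents/report.docx": PLAINTEXT,
           "C:/Windows/System32/notepad.exe": b"MZ" + b"\x00" * 512},
    registry={RUN_KEY + "OneDrive": "C:\\Program Files\\OneDrive\\OneDrive.exe"},
)
INFECTED = snapshot(
    files={"C:/Users/victim/Documents/report.docx.locked": _pseudo_random(),
           "C:/Windows/System32/notepad.exe": b"MZ" + b"\x00" * 512},
    registry={RUN_KEY + "OneDrive": "C:\\Program Files\\OneDrive\\OneDrive.exe",
              RUN_KEY + "svchelper": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchelper.exe"},
)


def analyse() -> tuple:
    """Run the full before/after comparison on the constructed snapshots."""
    d = diff_snapshots(CLEAN, INFECTED)
    return d, ransomware_indicators(d, INFECTED)


if __name__ == "__main__":
    d, findings = analyse()
    for section, changes in d.items():
        print(section, changes)
    for f in findings:
        print("INDICATOR:", f)
```

In a real run the two snapshots would come from the tools the paper names rather than from inline dictionaries (Regshot exports the registry and file-list comparison; an FTK Imager memory capture is fed to Volatility for the process and handle view), but the analytical step is the same: hash and measure every file, record every registry value, and reason only about what changed between the clean and the post-detonation state.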