Research Article

Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files

by  Zaid Abdulelah Mundher
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 171 - Issue 6
Published: Aug 2017
10.5120/ijca2017915038

Zaid Abdulelah Mundher . Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files. International Journal of Computer Applications. 171, 6 (Aug 2017), 37-39. DOI=10.5120/ijca2017915038

@article{10.5120/ijca2017915038,
  author    = {Zaid Abdulelah Mundher},
  title     = {Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files},
  journal   = {International Journal of Computer Applications},
  year      = {2017},
  volume    = {171},
  number    = {6},
  pages     = {37-39},
  doi       = {10.5120/ijca2017915038},
  publisher = {Foundation of Computer Science (FCS), NY, USA}
}

%0 Journal Article
%D 2017
%A Zaid Abdulelah Mundher
%T Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files
%J International Journal of Computer Applications
%V 171
%N 6
%P 37-39
%R 10.5120/ijca2017915038
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Process hiding, a technique used by malicious code to conceal its activity, is a serious threat to operating systems, and security programs try to defeat it using several different approaches. This paper presents a hidden processes detector (HPD) program that detects hidden processes on Windows-based systems. The proposed HPD introduces a new approach based on Windows Prefetch files, which the operating system writes whenever an executable is launched. The HPD program has been tested, and the results are reported in this paper.
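The detector the abstract describes rests on one property of the Windows prefetcher: each application launch is recorded in a Prefetch file (C:\Windows\Prefetch\NAME.EXE-HASH.pf) that carries the executable name, its latest run time and a run counter, and that record is written outside the process being hidden, so an image that was launched leaves a trace whether or not the usual process enumeration still shows it. The Python below is an added example, not the paper's HPD code: it parses the fixed-offset Prefetch header (offsets taken from the publicly documented format for versions 17, 23 and 26; version 30 files from Windows 10 onward are MAM-compressed on disk and must be decompressed first) and then performs the cross-view diff between the Prefetch records and a process list. The fixture bytes, the timestamps and the image names NOTEPAD.EXE, EVIL.EXE and OLDTOOL.EXE are constructed for the demo and are not from the paper.

```python
"""Cross-view hidden-process check driven by Windows Prefetch files.

Added example (not the paper's code). Parses the fixed-offset header of a
Prefetch (.pf) file, then lists executables that Prefetch says ran recently
but that are missing from the process list obtained through the normal API.
"""
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Absolute offsets of the latest-run FILETIME and the run counter for each
# Prefetch format version (84-byte header, then a version-specific
# file-information block). Version 30 files (Windows 10/11) are stored
# MAM / LZXPRESS-Huffman compressed; decompress them before calling parse_prefetch.
_LAYOUT = {
    17: (0x78, 0x90),  # Windows XP / Server 2003
    23: (0x80, 0x98),  # Windows Vista / 7
    26: (0x80, 0xD0),  # Windows 8.1
    30: (0x80, 0xD0),  # Windows 10 (decompressed; a later variant keeps the run count at 0xC8)
}

_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware UTC datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_prefetch(data):
    """Return executable name, hash, version, latest run time and run count from .pf bytes."""
    if data[:4] == b"MAM\x04":
        raise ValueError("MAM-compressed Prefetch (Windows 10+): decompress first")
    if data[0x04:0x08] != b"SCCA":
        raise ValueError("not a Prefetch file: missing SCCA signature")
    version, = struct.unpack_from("<I", data, 0x00)
    if version not in _LAYOUT:
        raise ValueError(f"unsupported Prefetch version {version}")
    last_run_off, run_count_off = _LAYOUT[version]
    # 60-byte NUL-padded UTF-16LE executable name at 0x10 (the first part of the .pf file name)
    name = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash, = struct.unpack_from("<I", data, 0x4C)   # the hex part of the .pf file name
    last_run_ft, = struct.unpack_from("<Q", data, last_run_off)
    run_count, = struct.unpack_from("<I", data, run_count_off)
    return {"executable": name, "hash": pf_hash, "version": version,
            "last_run": filetime_to_datetime(last_run_ft), "run_count": run_count}


def load_prefetch_dir(directory=r"C:\Windows\Prefetch"):
    """Parse every .pf file in the directory, skipping unreadable or compressed ones."""
    records = []
    for pf in Path(directory).glob("*.pf"):
        try:
            records.append(parse_prefetch(pf.read_bytes()))
        except (OSError, ValueError):
            continue
    return records


def find_hidden_candidates(prefetch_records, running_images, since):
    """Executables with a Prefetch run at or after `since` that are absent from the live process list.

    Cross-view diff: the Prefetch record is written by Windows' prefetch mechanism,
    not by the process, so a user-mode hider that filters the process list cannot
    suppress it. A hit is only a candidate: a program that ran and exited shows up too.
    """
    running = {name.upper() for name in running_images}
    return sorted(r["executable"] for r in prefetch_records
                  if r["last_run"] >= since and r["executable"].upper() not in running)


def build_sample_pf(name, last_run_ft, run_count, pf_hash=0x12345678):
    """Constructed test fixture: a minimal version-23 (Windows 7) Prefetch header."""
    buf = bytearray(0xF0)                     # 84-byte header + 156-byte file information block
    struct.pack_into("<I", buf, 0x00, 23)
    buf[0x04:0x08] = b"SCCA"
    struct.pack_into("<I", buf, 0x0C, len(buf))
    encoded = name.encode("utf-16-le")        # name must be at most 29 characters
    buf[0x10:0x10 + len(encoded)] = encoded
    struct.pack_into("<I", buf, 0x4C, pf_hash)
    struct.pack_into("<Q", buf, 0x80, last_run_ft)
    struct.pack_into("<I", buf, 0x98, run_count)
    return bytes(buf)


# Constructed FILETIME values used by the demo.
FT_2017_08_01 = 131460192000000000   # 2017-08-01 00:00:00 UTC
FT_2016_01_01 = 130960800000000000   # 2016-01-01 00:00:00 UTC


def demo():
    """Offline run on constructed fixtures; returns the candidate list."""
    records = [parse_prefetch(build_sample_pf("NOTEPAD.EXE", FT_2017_08_01, 12)),
               parse_prefetch(build_sample_pf("EVIL.EXE", FT_2017_08_01, 1)),
               parse_prefetch(build_sample_pf("OLDTOOL.EXE", FT_2016_01_01, 3))]
    running = ["notepad.exe", "explorer.exe", "csrss.exe"]   # as tasklist / Process32Next would report
    return find_hidden_candidates(records, running, since=datetime(2017, 7, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    print(demo())
```

On a live host, replace the fixture with load_prefetch_dir() and the image names reported by tasklist or CreateToolhelp32Snapshot. Two caveats matter in practice: a hit only means that an executable ran and is not visible now, so programs that ran and exited normally appear as well and must be triaged (run count, timestamps, and the path from the file-name strings section of the same .pf file); and the method is silent when the prefetcher is disabled (EnablePrefetcher = 0 under PrefetchParameters, the default on server SKUs) or when the attacker deletes the .pf file, so the absence of a record proves nothing.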

References
  • Ligh, M. H., Case, A., Levy, J., Walters, A., 2014, "The Art of Memory Forensics", John Wiley & Sons, Inc.
  • Carvey, H., 2012, "Windows Forensic Analysis Toolkit", Syngress.
  • Blunden, B., 2013, "The Rootkit Arsenal", 2nd edition.
  • Wen, Y., Zhao, J., Wang, H., 2008, "Implicit Detection of Hidden Processes with a Local-Booted Virtual Machine", International Journal of Security and Its Applications, vol. 2, no. 4.
  • Rutkowski, J., 2003, "Advanced Windows 2000 Rootkit Detection".
  • Oroszlany, M., 2008, "Rootkits under Windows OS and Methods of Their Detection".
  • Arnold, T., 2011, "A Comparative Analysis of Rootkit Detection Techniques".
  • Bozagac, C., 2006, "Ghostware and Rootkit Detection Techniques for Windows".
  • Bravo, P., García, D., "Proactive Detection of Kernel-Mode Rootkits".
  • Hoglund, G., Butler, J., 2005, "Rootkits: Subverting the Windows Kernel".
  • Messier, R., 2016, "Operating System Forensics", Syngress.
  • http://diggfreeware.com/incredible-free-and-open-source-process-hider-and-file-hider/
  • Garcia, L., 2011, "Bulk Extractor Windows Prefetch Decoder".
Index Terms
Computer Science
Information Sciences
Keywords

Hidden process, Windows Prefetch files, Rootkit.
