Abstract

Hidden processes threat, which is a technique that is used by malicious code to hide their activities, is a serious threat to the operating systems. Therefore, the security programs try to defeat this threat using different approaches. This paper presents a hidden processes detector (HPD) program to detect hidden processes on Windows-based systems. The proposed HPD program introduces a new approach based on the Windows Prefetch files. The proposed HPD program has been tested and the results have been mentioned in this paper.

References

• Hale Ligh, M., Case, A. , Levy, J. , Walters, A. 2014, “ The Art of Memory Forensics”, John Wiley & Sons, Inc.
• Carvey, H., 2012, "Windows Forensic Analysis Toolkit", Syngress.
• Blunden, B. , 2013, "The Rootkit Arsenal", 2nd Edition,
• Wen, Y., Zhao, J. , Wang, H. ,Implicit Detection of Hidden Processes with a Local-Booted Virtual Machine, International Journal of Security and Its Applications vol. 2. No. 4, 2008
• Rutkowski, J., 2003, Advanced Windows 2000 Rootkit Detection.
• Oroszlany, M., 2008, Rootkits under Windows OS and methods of their detection
• ARNOLD, T. , 2011, A COMPARATIVE ANALYSIS OF ROOTKIT DETECTION TECHNIQUES.
• Bozagac, C., 2006,GHOSTWARE AND ROOTKIT DETECTION TECHNIQUES FOR WINDOWS.
• Bravo, P. , García, D. , PROACTIVE DETECTION OF KERNEL-MODE ROOTKITS
• Hoglund, G., Butler, J. , 2005, Rootkits: Subverting the Windows Kernel.
• Messier, R., 2016, OPERATING SYSTEM FORENSICS, Syngress.
• http://diggfreeware.com/incredible-free-and-open-source-process-hider-and-file-hider/]
• Garcia, L., 2011, BULK EXTRACTOR WINDOWS PREFETCH DECODER.