Title: Forensic investigation and analysis of malware in Windows OS

Authors: Frank Fiadufe; Krishna Modi; Kapil Shukla; Felix O. Etyang

Addresses: Department of Forensic Sciences, National Forensic Sciences University, Gandhinagar, India; Department of Forensic Sciences, National Forensic Sciences University, Gandhinagar, India; Department of Forensic Sciences, National Forensic Sciences University, Gandhinagar, India; Department of Digital Forensics and Information Security, National Forensic Sciences University, Gandhinagar, India

Abstract: Malware has become a pervasive concern for malware analysts and digital forensic investigators. This research investigates malware forensics as a means to detect, investigate, and analyse malicious software. It examines the application of digital forensic science to dissect threat vectors, specifically malware, shedding light on their behaviour on computer hard disks and in memory. Using various digital forensic tools, memory forensics and hard disk forensics are performed on an infected Windows 7 OS, followed by static and dynamic analysis of the malicious software. Memory samples are analysed with Volatility for memory forensics, while disk images are analysed with Autopsy for hard disk forensics. The malware's functionality is fully comprehended through meticulous extraction and analysis. A robust framework for malware forensic investigation emerges, facilitating the detection, analysis, and understanding of malware behaviour. This research underscores the significance of integrating digital forensic tools and techniques to combat evolving malware threats effectively.

Keywords: digital forensics; memory forensics; hard disk forensics; static and dynamic analysis.

DOI: 10.1504/IJESDF.2025.143477

International Journal of Electronic Security and Digital Forensics, 2025 Vol.17 No.1/2, pp.169 - 182

Received: 15 Jun 2023
Accepted: 21 Sep 2023

Published online: 23 Dec 2024
