Abstract
Ransomware attacks reported to authorities face the technical difficulty of local police units in gathering information and executing proper forensic analysis. This paper proposes a forensic analysis tool that acts during the final stage of the ransomware infection cycle to provide a quick and easy option to acquire valuable information for the forensic analyst in order to facilitate the subsequent classification of ransomware. The proposed tool combines pop-up window capture showing the ransomware and through the optical character recognition techniques, obtaining the rescue message along with the payment address and value. In addition, it extracts the files generated by the ransomware and dumps the virtual memory of the system for analysis by the forensic technician. To evaluate the accuracy of the tool, experiments were conducted with different samples of ransomware on a real computer, under a controlled environment.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
