Software Montage: Filtering of Detecting Target of Similar Software for Digital Forensic Investigation  

Park, Hee-Wan (Department of Computer Science, KAIST)
Han, Tai-Sook (Department of Computer Science, KAIST)
Abstract
A software montage is information that can be extracted quickly from a program and that captures its inherent characteristics. If a montage is made from well-known programs, it can be used to filter candidate similar programs out of a larger group of programs. In this paper, we propose software montages based on two characteristics: API calls and strings. To evaluate the proposed montages, we performed experiments that filter candidate programs similar to instant messenger programs. The experiments confirmed that the proposed montages can be used as a forensic tool that filters a group of similar programs even when their functions are not known in advance.
Keywords
Software Montage; Similar Software Filtering; Software Forensics; Digital Forensics;
Citations & Related Records
Times Cited By KSCI: 1