Difference between pages "Steganography Analysis and Research Center / Backbone Security" and "Malware"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
The '''Steganography Analysis and Research Center (SARC)''' is a Center of Excellence within Backbone Security focused exclusively on steganography research and the development of advanced steganalysis products and services. The SARC has developed state-of-the-art steganography detection and extraction capabilities that address the needs of digital investigation specialists and information technology security personnel in law enforcement, government, military, intelligence, and the private sector. By providing a national repository of steganography application hash values, or fingerprints, and developing the most advanced tools, techniques, and procedures to find and extract hidden information, the SARC is rapidly evolving into a high-value asset to computer forensic examiners who wish to conduct steganalysis on seized media. The SARC has the products and support that can provide you with state-of-the-art solutions and benefits.
+
'''Malware''' is a short version of '''Malicious Software'''.
  
=Products=
+
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
* [http://www.sarc-wv.com/safdb.aspx Steganography Application Fingerprint Database] A fundamental goal of the SARC is to collect steganography, watermarking, and other data-hiding applications from various sources and incorporate file profiles computed from them into the SAFDB. The SAFDB can be used to review files on seized media by matching file profiles in the SAFDB. SAFDB is the most extensive steganography hash set publicly available. The file profiles contain identifying information such as filename, associated application name, file size, and several unique hash values. These hash values may be used to determine the presence of a steganography application or artifact of a steganography application on the media being examined. The SAFDB is available for download in formats compatible with most of the popular digital forensic tools and utilities: EnCase, Forensic Toolkit (FTK), HashKeeper, ILook, and ProDiscover.
+
== Virus ==
* [http://www.sarc-wv.com/stegalyzeras.aspx Steganography Analyzer Artifact Scanner (StegAlyzerAS)] StegAlyzerAS gives you the capability to scan the entire file system, or individual directories, on suspect media for the presence of steganography application artifacts. And, unlike other popular forensic tools, you can perform an automated or manual search of the Windows Registry to determine whether or not any Registry keys or values exist that can be associated with a particular steganography application.
+
A computer program that can automatically copy itself and infect a computer.
* [http://www.sarc-wv.com/stegalyzerss.aspx Steganography Analyzer Signature Scanner (StegAlyzerSS)] StegAlyzerSS gives you the capability to scan every file on the suspect media for the presence of hexadecimal byte patterns, or signatures, of particular steganography applications in the files. If a known signature is detected, it may be possible to extract information hidden with the steganography application associated with the signature.
+
* [http://www.sarc-wv.com/stegalyzerrts.aspx Steganography Analyzer Real-Time Scanner (StegAlyzerRTS)] StegAlyzerRTS is the first commercially available network security appliance in the world capable of detecting the fingerprints and signatures of digital steganography applications in real-time.
+
  
=Training=
+
== Worm ==
 +
A self-replicating computer program that can automatically infect computers on a network.
  
* [http://www.sarc-wv.com/training.aspx Certified Steganography Examiner Training]
+
== Trojan horse ==
 +
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
  
==External Links==
+
== Spyware ==
* [http://www.sarc-wv.com Steganography Analysis and Research Center Website]
+
A computer program that can automatically intercept or take partial control over the user's interaction.
 +
 
 +
== Exploit Kit ==
 +
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
 +
 
 +
=== Drive-by-download ===
 +
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
 +
 
 +
== See Also ==
 +
 
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
 +
 
 +
=== Exploit Kit ===
 +
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
 +
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard on July 2, 2013
 +
 
 +
[[Category:Malware]]

Revision as of 01:05, 21 October 2013

Malware is a short version of Malicious Software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.

Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program which appears to perform a certain action, but actually performs many different forms of codes.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Often utilizing a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

See Also

External Links

Exploit Kit