Difference between pages "JTAG Forensics" and "Malware"

From ForensicsWiki
Line 1: Line 1:
== Definition ==
+
'''Malware''' is a short version of '''Malicious Software'''.
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
+
  
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
+
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
=== Forensic Application ===
+
== Virus ==
 +
A computer program that can automatically copy itself and infect a computer.
  
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
+
== Worm ==
 +
A self-replicating computer program that can automatically infect computers on a network.
  
== Tools and Equipment ==
+
== Trojan horse ==
 +
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
  
* [[JTAG and Chip-Off Tools and Equipment]]
+
== Spyware ==
 +
A computer program that can automatically intercept or take partial control over the user's interaction.
  
== Procedures ==
+
== Exploit Kit ==
 +
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
  
* [[JTAG HTC Wildfire S]]
+
=== Drive-by-download ===
* [[JTAG Huawei TracFone M865C]]
+
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
* [[JTAG Huawei TracFone M866C]]
+
 
* [[JTAG Huawei U8655]]
+
== Rootkit ==
* [[JTAG LG L45C TracFone]]
+
A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to an operating system.
* [[JTAG LG P930 (Nitro HD)]]
+
 
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]
+
== See Also ==
 +
* [[Malware analysis]]
 +
 
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
 +
 
 +
=== Exploit Kit ===
 +
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
 +
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard, July 2, 2013
 +
* [http://www.kahusecurity.com/2013/kore-exploit-kit/ Kore Exploit Kit], Kahu Security blog, July 18, 2013
 +
 
 +
=== Rootkit ===
 +
* [http://en.wikipedia.org/wiki/Rootkit Wikipedia: Rootkit]
 +
* [http://articles.forensicfocus.com/2013/11/22/understanding-rootkits/ Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection], by Dmitry Korolev, Yuri Gubanov, Oleg Afonin, November 22, 2013
 +
 
 +
[[Category:Malware]]
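Review bot: In the added Definition text, the sentence "It is very similar to computer malware" is circular on a page that is itself defining malware; say what is being compared with computer malware or drop the sentence. In the Trojan horse entry, "performs many different forms of codes" is unclear and should state plainly that the program does something other than the action it appears to perform. Under Exploit Kit, "Often utilizing a drive-by-download." is a fragment and needs a subject.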

Revision as of 17:11, 26 November 2013

Malware is short for malicious software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets on the affected device. It is illegal to knowingly distribute malware.

Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program that appears to perform a certain action but actually runs other, different forms of code.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Exploit kits often utilize a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

Rootkit

A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to an operating system.
