CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files

by Zaid Abdulelah Mundher
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 171 - Number 6
Year of Publication: 2017
Authors: Zaid Abdulelah Mundher
10.5120/ijca2017915038

Zaid Abdulelah Mundher . Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files. International Journal of Computer Applications. 171, 6 ( Aug 2017), 37-39. DOI=10.5120/ijca2017915038

@article{ 10.5120/ijca2017915038,
author = { Zaid Abdulelah Mundher },
title = { Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2017 },
volume = { 171 },
number = { 6 },
month = { Aug },
year = { 2017 },
issn = { 0975-8887 },
pages = { 37-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume171/number6/28188-2017915038/ },
doi = { 10.5120/ijca2017915038 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:18:45.509441+05:30
%A Zaid Abdulelah Mundher
%T Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files
%J International Journal of Computer Applications
%@ 0975-8887
%V 171
%N 6
%P 37-39
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Hidden processes threat, which is a technique that is used by malicious code to hide their activities, is a serious threat to the operating systems. Therefore, the security programs try to defeat this threat using different approaches. This paper presents a hidden processes detector (HPD) program to detect hidden processes on Windows-based systems. The proposed HPD program introduces a new approach based on the Windows Prefetch files. The proposed HPD program has been tested and the results have been mentioned in this paper.

References
  1. Hale Ligh, M., Case, A. , Levy, J. , Walters, A. 2014, “ The Art of Memory Forensics”, John Wiley & Sons, Inc.
  2. Carvey, H., 2012, "Windows Forensic Analysis Toolkit", Syngress.
  3. Blunden, B. , 2013, "The Rootkit Arsenal", 2nd Edition,
  4. Wen, Y., Zhao, J. , Wang, H. ,Implicit Detection of Hidden Processes with a Local-Booted Virtual Machine, International Journal of Security and Its Applications vol. 2. No. 4, 2008
  5. Rutkowski, J., 2003, Advanced Windows 2000 Rootkit Detection.
  6. Oroszlany, M., 2008, Rootkits under Windows OS and methods of their detection
  7. ARNOLD, T. , 2011, A COMPARATIVE ANALYSIS OF ROOTKIT DETECTION TECHNIQUES.
  8. Bozagac, C., 2006,GHOSTWARE AND ROOTKIT DETECTION TECHNIQUES FOR WINDOWS.
  9. Bravo, P. , García, D. , PROACTIVE DETECTION OF KERNEL-MODE ROOTKITS
  10. Hoglund, G., Butler, J. , 2005, Rootkits: Subverting the Windows Kernel.
  11. Messier, R., 2016, OPERATING SYSTEM FORENSICS, Syngress.
  12. http://diggfreeware.com/incredible-free-and-open-source-process-hider-and-file-hider/]
  13. Garcia, L., 2011, BULK EXTRACTOR WINDOWS PREFETCH DECODER.
Index Terms

Computer Science
Information Sciences

Keywords

Hidden-process Windows Prefetch files Rootkit.

Powered by PhDFocusTM