
Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Authors:
Zaid Abdulelah Mundher
10.5120/ijca2017915038

Zaid Abdulelah Mundher. Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files. International Journal of Computer Applications 171(6):37-39, August 2017. BibTeX

@article{10.5120/ijca2017915038,
	author = {Zaid Abdulelah Mundher},
	title = {Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files},
	journal = {International Journal of Computer Applications},
	issue_date = {August 2017},
	volume = {171},
	number = {6},
	month = {Aug},
	year = {2017},
	issn = {0975-8887},
	pages = {37-39},
	numpages = {3},
	url = {http://www.ijcaonline.org/archives/volume171/number6/28188-2017915038},
	doi = {10.5120/ijca2017915038},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Hidden processes, a technique used by malicious code to conceal its activity, are a serious threat to operating systems, and security programs try to defeat this threat using different approaches. This paper presents a hidden processes detector (HPD) program that detects hidden processes on Windows-based systems. The proposed HPD program introduces a new approach based on Windows Prefetch files. The proposed HPD program has been tested and the results are reported in this paper.
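The abstract names the approach but not its logic. As an added illustration (not the paper's HPD code), the script below assumes the idea is a cross-view comparison: an executable whose prefetch file was freshly written, but which does not appear in the process list returned by the normal API, is reported as a candidate. The function names, the `tasklist`-based collector and the sample listing are this example's own constructions.

```python
import csv, os, re, subprocess
from datetime import datetime, timedelta

# Prefetch files are named <EXECUTABLE>-<8 hex digit path hash>.pf (constructed example:
# NOTEPAD.EXE-D8414F97.pf); other files in the directory, such as Layout.ini, are ignored.
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$")

def parse_prefetch_name(filename):
    """Executable name encoded in a prefetch file name, or None for non-.pf files."""
    m = PF_NAME.match(filename)
    return m.group("exe").upper() if m else None

def recently_run(prefetch_listing, now, window):
    """Executables whose .pf file was written within `window` of `now`. Windows rewrites
    the .pf file on each run, so its modification time approximates the last execution."""
    return {exe for name, mtime in prefetch_listing
            if (exe := parse_prefetch_name(name)) and now - mtime <= window}

def hidden_candidates(prefetch_listing, visible_processes, now, window):
    """Cross-view check: fresh prefetch evidence of execution with no matching entry in
    the normal process enumeration. A short-lived program that already exited lands here
    too, so the result is a list of leads to confirm, not a verdict."""
    visible = {p.upper() for p in visible_processes}
    return sorted(recently_run(prefetch_listing, now, window) - visible)

def collect_live(prefetch_dir=r"C:\Windows\Prefetch", window=timedelta(minutes=5)):
    """Gather both views on a live Windows host (assumed collector; not called by demo())."""
    now = datetime.now()
    listing = [(e.name, datetime.fromtimestamp(e.stat().st_mtime))
               for e in os.scandir(prefetch_dir) if e.is_file()]
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=True).stdout
    procs = [row[0] for row in csv.reader(out.splitlines()) if row]
    return hidden_candidates(listing, procs, now, window)

def demo():
    """Constructed sample: one visible process, one hidden, one stale entry, one non-.pf file."""
    now = datetime(2017, 8, 1, 12, 0, 0)
    listing = [
        ("NOTEPAD.EXE-D8414F97.pf", now - timedelta(minutes=1)),  # running and visible
        ("HIDEME.EXE-1A2B3C4D.pf", now - timedelta(minutes=2)),   # ran recently, not enumerated
        ("SETUP.EXE-0F0F0F0F.pf", now - timedelta(days=3)),       # outside the window
        ("Layout.ini", now),                                       # not a prefetch file
    ]
    visible = ["System", "explorer.exe", "notepad.exe"]
    return hidden_candidates(listing, visible, now, timedelta(minutes=5))
```

Prefetch must be enabled on the host (it is often off on servers), and the Prefetch directory listing itself has to be trustworthy, since a rootkit that hides files can also hide the .pf evidence this check depends on.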


Keywords

Hidden-process, Windows Prefetch files, Rootkit.