Research Article

Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files

by Zaid Abdulelah Mundher
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 171 - Number 6
Year of Publication: 2017
Authors: Zaid Abdulelah Mundher
10.5120/ijca2017915038

Zaid Abdulelah Mundher. Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files. International Journal of Computer Applications. 171, 6 (Aug 2017), 37-39. DOI=10.5120/ijca2017915038

@article{ 10.5120/ijca2017915038,
author = { Zaid Abdulelah Mundher },
title = { Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2017 },
volume = { 171 },
number = { 6 },
month = { Aug },
year = { 2017 },
issn = { 0975-8887 },
pages = { 37-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume171/number6/28188-2017915038/ },
doi = { 10.5120/ijca2017915038 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Zaid Abdulelah Mundher
%T Design and Implement a Hidden Processes Detector (HPD) based on Windows Prefetch Files
%J International Journal of Computer Applications
%@ 0975-8887
%V 171
%N 6
%P 37-39
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Process hiding, a technique used by malicious code to conceal its activity, is a serious threat to operating systems. Security programs therefore try to defeat this threat using different approaches. This paper presents a hidden processes detector (HPD) program that detects hidden processes on Windows-based systems. The proposed HPD program introduces a new approach based on the Windows Prefetch files. The proposed HPD program has been tested, and the results are reported in this paper.

Index Terms

Computer Science
Information Sciences

Keywords

Hidden process, Windows Prefetch files, Rootkit.