Study on Self-Protection Techniques of Files with PE-Format

Posted on: 2015-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: X F Wang
GTID: 2298330467972225
Subject: Computer application technology
Abstract/Summary:
Recently, with the flourishing of information exchange and the development of Internet technology, people's daily life has become more convenient than before. However, cyber crime cases have surged with the rapid increase in computers, which has affected the economic security of society. Computer forensics technology came into being as a discipline specifically aimed at countering computer and cyber crime. Computer forensics software is poorly concealed, because cloud antivirus processing treats it as analogous to malicious files. This causes the forensic process to fail and arouses the suspects' vigilance, which makes evidence harder to obtain. Research on the survival of computer forensics software therefore becomes particularly important.

This research focuses on code metamorphism techniques, through an analysis of cloud antivirus and common self-protection techniques for PE files. These two technologies have been widely applied in the field of software protection. The theories and technologies of code metamorphism for PE files are analyzed, for example the PE file format, disassembly technology for PE files, random junk code encryption and anti-reverse debugging techniques. A method of code metamorphism for PE files using an improved approach is proposed. Compared with the traditional LZMA approach, the improved approach is better applied in 5 aspects of compression metamorphism, including encryption, parallel strategy, directory search strategy, output unit and packing.

A self-protection framework for PE files based on the theoretical research above is proposed and implemented. The effect of each module and of the framework as a whole is verified by experiments. Furthermore, this framework has been applied in an actual network information acquisition system, where its behavior in actual use was observed.

The results demonstrate that computer forensics software using the proposed self-protection framework for PE files survives well against cloud antivirus.
Keywords/Search Tags: computer forensics, cloud antivirus, self-protection of PE file, code metamorphism