Keungi Lee scite author profile

Keungi Lee

2Publications

0Citation Statements Received

14Citation Statements Given

How they've been cited

How they cite others

Affiliations

Publications

Order By: Most citations

Packed PE File Detection for Malware Forensics

Han¹,

Lee²,

Lee³

2009

View full text Add to dashboard Cite

In malware accident investigation, the most important thing is detection of malicious code. Signature based anti-virus software have been used in most of the accident. Malware can easily avoid signature based detection by using packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature based detection and entropy based detection. Signature based detection can not detect new packing. And entropy based detection has a problem with false positive. We provides detection method using entropy statistics of the entry point section and 'write' properties of essential characteristic of packed file. And then, we show packing detection tool and evaluate its performance.

show abstract

The effective method of database server forensics on the enterprise environment

Son¹,

Lee²,

Jeon³

et al. 2012

Security Comm Networks

View full text Add to dashboard Cite

When a forensic investigation is carried out in the enterprise environment, most of the important data are stored in database servers, and data stored in them are very important elements for a forensic investigation. As for database servers with such data stored, there are over 10 various kinds, such as SQL Server and Oracle. All the methods of investigating a database system are important, but this study suggests a single methodology likely to investigate all the database systems while considering the unique characteristics of each database system. A method of detecting a server and acquiring and investigating data in the server can be effectively used for such an investigation on the enterprise environment. For the existing investigation on server systems, severs should be shut down, and disc imaging should be conducted first. However, such a method may inflict great losses on the company in some cases. That is why we need a method to acquire data of a server in on‐line state, and this study discusses this method. Besides, on the basis of methodology, this study attempts to determine a possibility that this new forensic investigation method can be practically used by directly applying this method to SQL Server and MySQL databases. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Keungi Lee

Packed PE File Detection for Malware Forensics

The effective method of database server forensics on the enterprise environment

Contact Info

Product

Resources

About