The Hidden Threat: Detecting API Hooking in Memory Forensics Using Open-Source Tools


Research area: Safety



Conference: 2023 International Conference on New Frontiers in Communication, Automation, Management and Security (ICCAMS)


Abstract

API hooking is a prevalent technique used by malicious actors to compromise the integrity and security of computer systems. By intercepting and manipulating system function calls, API hooking allows unauthorized code execution, granting attackers control over critical processes. Detecting and understanding such hooking attempts is of paramount importance for effective memory forensics, enabling the identification and mitigation of potential threats. This research paper presents an in-depth investigation into API hooking by injecting hooks into the Notepad application. Subsequently, the memory of the infected system is captured and analyzed using two open-source tools, Volatility and MemProcFs. A comprehensive comparative analysis between these tools is conducted to assess their efficiency in detecting and analyzing API hooking. The experimental results shed light on the significance of memory forensics for combating API hooking and offer valuable insights to forensic analysts and cybersecurity practitioners.


Authors

Ngaira Mandela, Tumaini Mbinda, Joel Makopa

Affiliation (all authors): School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, India

Country listed in the record: Andorra

Paper information

Publication year: 2023
Citations: 246
Publication country: Andorra
Site: IEEE
