Exploring Provenance Needs in Software Reverse Engineering

Authors

Wayne C. Henry, Air Force Institute of TechnologyFollow
Gilbert L. Peterson, Air Force Institute of TechnologyFollow

Document Type

Conference Proceeding

Publication Date

5-2020

Abstract

Reverse engineers are in high demand in digital forensics for their ability to investigate malicious cyberspace threats. This group faces unique challenges due to the security-intensive environment, such as working in isolated networks, a limited ability to share files with others, immense time pressure, and a lack of cognitive support tools supporting the iterative exploration of binary executables. This paper presents an exploratory study that interviewed experienced reverse engineers’ work processes, tools, challenges, and visualization needs. The findings demonstrate that engineers have difficulties managing hypotheses, organizing results, and reporting findings during their analysis. By considering the provenance support techniques of existing research in other domains, this study contributes new insights about the needs and opportunities for reverse engineering provenance tools.

Comments

This conference paper is available with an IEEE subscription through the DOI link on this page.

Current AFIT faculty, students and staff may access the paper by clicking here.

DOI

10.1109/SADFE51007.2020.00008

Source Publication

2020 13th International Conference on Systematic Approaches to Digital Forensic Engineering (SADFE)

Recommended Citation

W. C. Henry and G. L. Peterson, "Exploring Provenance Needs in Software Reverse Engineering," 2020 13th International Conference on Systematic Approaches to Digital Forensic Engineering (SADFE), New York, NY, USA, 2020, pp. 57-65, doi: 10.1109/SADFE51007.2020.00008.