Malicious file detection tool and hashing code.
Note: You are required to develop an application and write a report on what code you used (libraries, how the functions work etc.) and then also you must document some use case examples to illustrate how the application works.
You should do video record and screenshots to support your use cases.
Python language would be a better option to use
In each of the 3 options below, the fully working, fully implemented code is worth 70% and the report is worth 30%.
Malicious file detection tool (hashing)
File identification and malicious code detection are important parts of an investigation. The idea of this application is to scan a file system and identify benign or malicious files.
In order to rule out the benign files, you should use a look up database, such as NIST NSRL. The remaining files should be uploaded to VirusTotal (VT) via the API and checked.
Functions could include:
• Scanfilesystem() – function to walk through the file system and parse the files. All files should be hashed using a suitable hash (e.g., MD% or SHA).
• Queryhashedb() – this function will do a lookup of the hashes on a benign DB and if the hash is found, it is discarded from the list.
• Queryvt() – this function will query the remaining file hashes against the VT repository.
• Report() – this function will write a report to a file of the malicious files found on the system.
The post Malicious file detection tool and hashing code : Develop an application and write a report on what code you used. appeared first on Essay Quoll.