Bentley, Peter ORCID: https://orcid.org/0000-0002-6438-0028
(2025)
A Review of Some Windows’ File Metadata Which Could Highlight Indicators of Compromise.
Technical Report.
University of Gloucestershire, University of Gloucestershire.
(Unpublished)
Text: 15315 Bentley, P. (2025) A Review of Some Windows’ File Metadata Which Could Highlight Indicators of Compromise.pdf - Accepted Version. Available under License All Rights Reserved.
Abstract
Advanced Persistent Threats are known to obfuscate their malware through encryption, encoding, and change of file extension. This paper reviews the files through analysis of the File Name, Index of Coincidence, alphabet size and File Extension Separator to highlight files which may be candidates for malware. It uses one bespoke program to calculate the Index of Coincidence and is mainly Living off the Land, i.e. it uses Windows software for other data manipulation.
Item Type: | Monograph (Technical Report) |
---|---|
Uncontrolled Keywords: | Microsoft Windows; Encrypt; Decrypt; Encode; Decode; Compression; Advanced Persistent Threat (APT); Malware; File Extension; Index of Coincidence; Indicator of Compromise; Base64; Alphabet Length; Living off the Land |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software > QA76.76 Computer software topics A-Z |
Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
Depositing User: | Peter Bentley |
Date Deposited: | 19 Sep 2025 14:06 |
Last Modified: | 19 Sep 2025 14:06 |
URI: | https://eprints.glos.ac.uk/id/eprint/15315 |